426b1da49f53ba94f80d85fa97ecb151_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

426b1da49f53ba94f80d85fa97ecb151_JaffaCakes118
Size

51KB
MD5

426b1da49f53ba94f80d85fa97ecb151
SHA1

1e773bae8656762692c9ec31c3c2d6cbad696b30
SHA256

845c79497100b21529208a210d9bec83c8eb59f57743bc1f3d4571ddb71868bc
SHA512

def67dacf35b069dff28cf17cba817ef5f695df232009fac3412c579f22f34e3a1546aa3adc88506f9743ff700fb54e5d731e35626e3c894c092e35597c3a0e2
SSDEEP

1536:Uj++UuF3qq4SBO+HqvGJ5qZxQj4/yNyIH/HP9dc0v:Ujxz/IqqCWX/yAIvVdzv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
426b1da49f53ba94f80d85fa97ecb151_JaffaCakes118

Files

426b1da49f53ba94f80d85fa97ecb151_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ddf4a948c159646937a486bbe3804af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeEnvironmentStringsA
GetACP
GetCommConfig
GetNumberOfConsoleMouseButtons
GetProfileSectionW
GlobalAlloc
LoadLibraryA
LocalShrink
LockFile
ReadConsoleOutputAttribute
RemoveDirectoryA
SetEnvironmentVariableA
SetProcessAffinityMask
Thread32First

advapi32

AccessCheck
BuildImpersonateExplicitAccessWithNameW
CryptAcquireContextA
CryptSetProvParam
ImpersonateNamedPipeClient
LogonUserA
LookupSecurityDescriptorPartsW
ReadEventLogW
RegUnLoadKeyW

user32

ChangeMenuW
CharNextW
CharPrevA
DdeGetLastError
DdeImpersonateClient
DlgDirListComboBoxW
GetInputState
GetMenuBarInfo
GetTopWindow
MapDialogRect
MessageBoxExA
OpenDesktopA
SetScrollRange
SubtractRect
keybd_event

shell32

Control_RunDLLA
DragQueryFileA
ExtractIconW
SHAddToRecentDocs
SHQueryRecycleBinW
SheChangeDirExA
SheFullPathW
SheRemoveQuotesW
ShellExecuteExW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE