49131031883ef8af98d3c7b0ebd15299_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49131031883ef8af98d3c7b0ebd15299_JaffaCakes118
Size

7KB
MD5

49131031883ef8af98d3c7b0ebd15299
SHA1

93b2c780e3084d5bb40abdf244a8bc13ca513567
SHA256

890b2460cc3bf0718855f82a72d8ee2c1b0d25b86b9a8b061da8e74054445775
SHA512

6f989ee937bf7c4e1fdc30abea1d0e51d318e145febfaff1954198695298a068a091a31c6e79cc5e160f60d5a3c023cc5549801d363f43b547b724ebc5e3b1f8
SSDEEP

96:wleTvRp+HHLG18RfzNyM3nEC5E4KSja3dLNDVltkfC13dPHo2LEIO16r/vcOme:95SHqyNyGnVvKSWRptkqfPMIO1+/v8e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49131031883ef8af98d3c7b0ebd15299_JaffaCakes118

Files

49131031883ef8af98d3c7b0ebd15299_JaffaCakes118
.exe windows:4 windows x86 arch:x86

534b64c7ff2011bb9e35599f2b766adf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
WideCharToMultiByte
lstrcpyA
lstrcatA
CreateEventA
WaitForSingleObject
HeapAlloc
HeapFree
ReadFile
CloseHandle
GetModuleHandleA
SetEvent
CreateThread
GetProcAddress
ExitThread
CompareStringA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
InterlockedExchange
VirtualQuery
GetProcessHeap
ExitProcess
PulseEvent

user32

PeekMessageA
DispatchMessageA
TranslateMessage
CreateWindowExA
DestroyWindow
ShowWindow
GetParent
GetDesktopWindow
MsgWaitForMultipleObjects

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE