4a9e279bce80129ac75506504cf77e06_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a9e279bce80129ac75506504cf77e06_JaffaCakes118
Size

18KB
MD5

4a9e279bce80129ac75506504cf77e06
SHA1

a5f619c5199e23c37001ad33ad6b94c46f959325
SHA256

15d1ecc4eb2784abab9d4c27a73a6f3b9051f8be9d08850e05658f971f924a74
SHA512

11717b9c796aca6e021858d359b533a6642408424f0ac59f37672b7045fa7aed1d784e1b12426521d69c7307c179907823fc3e0c8b155b3b686bb1878f6fe311
SSDEEP

192:HwfpFv9KxQnAGccHmNqnvn1GMBUbVXFD97Rk8WOsdZKBxTRy:NFG1mqnXoV1D97FWO8KBxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a9e279bce80129ac75506504cf77e06_JaffaCakes118

Files

4a9e279bce80129ac75506504cf77e06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3edc46f8a2ebd56ef40481a2257374c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetProcessVersion
GetStdHandle
CreateHardLinkA
GetCommConfig
HeapDestroy
IsDebuggerPresent
GetModuleHandleA
WaitForSingleObject
VirtualProtect
HeapCreate
GetLogicalDrives
GetTimeFormatA
GetEnvironmentStringsA
GetCurrentProcessId
DeleteAtom
GetTapeStatus
GetACP
GetCurrentThread
CreateFileMappingA
InterlockedExchange

user32

FrameRect
GetClassNameA
ShowWindow
EndPaint
FillRect
GetCursorPos
GetWindow
ReleaseDC
GetParent
GetFocus
BeginPaint
DrawTextA
GetWindowTextLengthA
GetTitleBarInfo
SetActiveWindow
DragDetect
wsprintfA
GetDlgItem
SetForegroundWindow

advapi32

RegCreateKeyA
RegCloseKey
RegEnumKeyA
RegSetValueExA
RegFlushKey

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ