4b2f8180c2704f7ab97b976ceb5bc901_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b2f8180c2704f7ab97b976ceb5bc901_JaffaCakes118
Size

823KB
MD5

4b2f8180c2704f7ab97b976ceb5bc901
SHA1

6f8527f8761c8cf83621cc5ba6a928e1e0922362
SHA256

d4d0791f4a1849a31a2b0e93ca9aa2a3af82c60c300bb2dd203ae8cf7abfd3ed
SHA512

c5e1b3adc568336bd6cb799e90c71a9a0fd1c83fd8238508bb7324bb850f6ff4265d09440d024fca940dfefbe813b5c466adbcb5791aa58f121af1d69b2e3c77
SSDEEP

12288:HqJ5Zt4CcXuFi6N1N6Iw4yGQLWfVeXNKrIV1Xwktba4Le8FrGBCxk/kODp6aXw:HqD4CcU5OKrIfXwktu4LeSykkxXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b2f8180c2704f7ab97b976ceb5bc901_JaffaCakes118

Files

4b2f8180c2704f7ab97b976ceb5bc901_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c83134e1167b64f666bd6747f56a4c35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetACP
GetPrivateProfileIntW
GetEnvironmentVariableA
WriteFile
CreateThread
FindVolumeClose
GlobalSize
LocalFree
GetDriveTypeW
GetModuleHandleW
ResetEvent
lstrlenA
CloseHandle
ResumeThread
GetMailslotInfo
InterlockedExchange
GetExitCodeProcess
GlobalFree
GetCommandLineA

user32

GetKeyboardType
DrawStateW
GetClientRect
GetSysColor
DispatchMessageA
GetClassInfoA
CreateWindowExA
GetSysColor
SetFocus
EndDialog
CallWindowProcW
IsWindow
GetCursorInfo

qedit

DllUnregisterServer
DllGetClassObject
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ