4dc544576f1720cabd88f345ec9ecbdc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4dc544576f1720cabd88f345ec9ecbdc_JaffaCakes118
Size

178KB
MD5

4dc544576f1720cabd88f345ec9ecbdc
SHA1

88c01b3df027b1528f89e123916d532c7ffcd508
SHA256

8859d91d1664a6fa345e7d549ae6aa9c8d770d308afde1ca98519b13c492525e
SHA512

985f15d8ed6aebef577113899558be9ae5f2d8ee8c42ee7c7e307d22dfe7247b654bcc01040fb2c165847e2f214219f5015a3984fc2af5b15aa206a39e48b05a
SSDEEP

3072:m3GucVa9EVx0Urv15cbrgmClvcZGVmDHPL27u6IxVrFWqZWHVQNiv0LP:m3GFaWP0Av15cQmevFiP0urxNgNHuNfL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dc544576f1720cabd88f345ec9ecbdc_JaffaCakes118

Files

4dc544576f1720cabd88f345ec9ecbdc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b3c497ccd5f9ca983fe3fe60db7ba43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

kernel32

WriteFile
CompareStringW
FreeLibrary
GetThreadIOPendingFlag
SetEndOfFile
CreateFileW
TransmitCommChar
LoadLibraryW
GetLastError
InterlockedIncrement
FlushFileBuffers
GetModuleFileNameA
EnumResourceNamesW
GetProcAddress
CloseHandle
IsBadReadPtr
LoadLibraryA
InterlockedDecrement
ExitProcess
CreateMutexA
WideCharToMultiByte
SetStdHandle
CompareStringA
MultiByteToWideChar
GetTempPathW
SetEnvironmentVariableA

user32

CharNextA
MessageBoxA
wsprintfA
CharUpperA
wsprintfW
GetTopWindow
GetKeyState
CharLowerA

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ