6191d7a14bfdf26d15aa60dd36fb1e74_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6191d7a14bfdf26d15aa60dd36fb1e74_JaffaCakes118
Size

313KB
MD5

6191d7a14bfdf26d15aa60dd36fb1e74
SHA1

ea645db7dfd06497dd1968e3dd2ec797ccc45462
SHA256

edde0f2b058830f74d5aee4821e5ce20da2e76aeff1178bf3df6bafa2d6ef9be
SHA512

00d7f6c843a3354427f5c56aef62c5abda1222dc5483a0dff4c445be670197fb0ac6bcab0cbb65c118da136ec0bc27c8269b2ebb167176b6b60bea2a1cd0c74a
SSDEEP

6144:uClhr2yQX1BATWJVtGS1pkisvlAg36qHaYs6dPFyyukx/nembnsnAExo4VGo+2ms:tAyQlBAT8tqNAAUWdyyLxjzsAE3cJOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6191d7a14bfdf26d15aa60dd36fb1e74_JaffaCakes118

Files

6191d7a14bfdf26d15aa60dd36fb1e74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

007b81743eddb0b413ba0587e0138a79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetWindowTextA
EnumWindowStationsW
EndDialog
MessageBoxA
GetWindowTextLengthA
DdeDisconnect
SetRectEmpty
CreateDialogIndirectParamA
EnableMenuItem
TrackPopupMenuEx
ClientToScreen
RegisterClassA

secur32

GetUserNameExW

kernel32

GetProcessHeaps
lstrlenW
EnterCriticalSection
FlushFileBuffers
GetProcessHeap
LeaveCriticalSection
ExitProcess
LockResource
IsBadWritePtr
lstrcatA
HeapFree
HeapAlloc

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateOleAdviseHolder

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.venue
Size: 5KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ