60c586e1b6c19864b12cb7c761799c60_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

60c586e1b6c19864b12cb7c761799c60_JaffaCakes118
Size

163KB
MD5

60c586e1b6c19864b12cb7c761799c60
SHA1

3ab742f56030f03083697663ff04b77abcdac28c
SHA256

c476338e3524cff4052dcea96458a1b8dea63bb5d30f9d2db12528eb25e328f8
SHA512

08ddb1c4adc4219b1c736c8bab1d13bbf59faed5196b2b8aeff692f6b04ed4945fdeeb797ae34507b66444e3b56bb70d98a302fb7227312a8b9342cd4ac5ceee
SSDEEP

3072:mvoXDsOmH4xPlBUnEK6UotjKils44CwvUQeAhz7aJdqtcfW9ZAvX5oPxE:RbmszUEVhW8QeAhz7aJdWIoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60c586e1b6c19864b12cb7c761799c60_JaffaCakes118

Files

60c586e1b6c19864b12cb7c761799c60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8839dcb16a250d657b967a7ec300499e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetTopWindow
GetKeyState
CharNextA
MessageBoxA
wsprintfA
CharUpperA
wsprintfW
CharLowerA

kernel32

FlushFileBuffers
GetThreadIOPendingFlag
GetTempPathW
InterlockedIncrement
CompareStringA
CloseHandle
TransmitCommChar
GetProcAddress
SetStdHandle
InterlockedDecrement
CreateMutexA
EnumResourceNamesW
FreeLibrary
CompareStringW
MultiByteToWideChar
IsBadReadPtr
WideCharToMultiByte
LoadLibraryW
GetModuleFileNameA
GetLastError
ExitProcess
SetEndOfFile
LoadLibraryA
WriteFile
CreateFileW
SetEnvironmentVariableA

msimg32

AlphaBlend
TransparentBlt

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ