6240ecdc6d1a5f4f4ed3da11c27ffdf6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6240ecdc6d1a5f4f4ed3da11c27ffdf6_JaffaCakes118
Size

183KB
MD5

6240ecdc6d1a5f4f4ed3da11c27ffdf6
SHA1

9ad6781e9a2ad1e7109879b9f6db5cea3b0e49eb
SHA256

a36b4dccbf52c35e92f797fae8a2e1b20b6b652f8ccc61ce44dc1d7ef7da8b6f
SHA512

1a25d781c536a1ab872c2e38ba3065817f431c9c72109d5234708eb1276a98f7da37795398094e72dee7afe1f1642fab6a76a0b60c5c56ab85674f7f9a9bad02
SSDEEP

3072:uafgPGlrAcQDYy63b8b0trHiCZMXwBpx4gDGX9onfA:ufAA/Ey6NtVmwBMlX9onf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6240ecdc6d1a5f4f4ed3da11c27ffdf6_JaffaCakes118

Files

6240ecdc6d1a5f4f4ed3da11c27ffdf6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

900924f5d2f28e3701ef6e32fd4f1671

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

version

VerFindFileA

shlwapi

SHStrDupA
SHGetValueA
PathFileExistsA
PathIsDirectoryA
SHDeleteKeyA
SHDeleteValueA

user32

GetFocus
GetKeyboardState
GetKeyboardLayout
GetCursor
GetKeyState
GetSysColorBrush
GetDC
GetKeyNameTextA

kernel32

VirtualAlloc
GetThreadLocale
GetVersionExA
GlobalAddAtomA
GetModuleHandleA
GlobalDeleteAtom
ExitProcess
GlobalAlloc

gdi32

CreatePenIndirect
GetObjectA
GetBkColor

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ