645420bac0dd6dbedcc2f9177d83938d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

645420bac0dd6dbedcc2f9177d83938d_JaffaCakes118
Size

330KB
MD5

645420bac0dd6dbedcc2f9177d83938d
SHA1

a59e8d9ad8aac1fd8bcb6b7c00e787863ff6260b
SHA256

6765772d1a4a8cebd45a915d5c8e898ba357b7ce69979255152124f50f6a38c2
SHA512

62918c4becdc7b4fcdb0d92ae2ee7c042cb3691f11cfd981b9e9fd07ecad44236793a7e8f11c431f03b2b158aeff37b8f2a31ab2364c0f84bf222f2d5ddd00b3
SSDEEP

6144:oL1JKXzL5vOTiIIWPkHHScTXuXY6ZzIqQFM1TAP4ClREfJo4SKb3gxqF7C:oL3KNOT5PmDIpZsqNNAP4ClREZNb3OqU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
645420bac0dd6dbedcc2f9177d83938d_JaffaCakes118

Files

645420bac0dd6dbedcc2f9177d83938d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

933517c0e3de4be543baceb14e2c03bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GlobalUnlock
GetConsoleCP
SetConsoleCP
CompareFileTime
LoadLibraryExA
CloseHandle
HeapReAlloc
VirtualProtect
GetAtomNameA
GetVersion
GetSystemDefaultLangID
WaitForMultipleObjects
GetStdHandle
GetModuleHandleA
InterlockedExchange
GetCommandLineA
SuspendThread
HeapCreate
WaitForSingleObject
lstrlenA

user32

EnableScrollBar
GetKeyState
InvertRect
InsertMenuA
DrawCaption
DialogBoxParamA
FindWindowA
SetPropA
GetKeyboardLayout
GetCursorInfo
DestroyMenu
DragObject
CreateMenu
IsDialogMessage
DispatchMessageA
GetDlgItem
CopyImage
SetScrollInfo
FillRect
SetWindowPos
CreateIcon

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyA
RegCloseKey

apphelp

ApphelpCheckExe

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ