642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118 | Triage

Sharing

General

Target

642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118
Size

2.3MB
MD5

642c7e392ec81cc07c29729f0dd77b7d
SHA1

92fe86f188a91f9bf842f17b8641dfba116b1bb4
SHA256

1568e5a56b0637b85eda10f905f5057b8416e157fb635168f53743ed215fae5d
SHA512

2dc3dac2f5e282c5b18491eb44a3426b0fee94f7663a6ccbe5635c5c8f34f2d2957e0eb56f2482ba6a15bb47fb6b8371440722f595d3ac1764133068bb4ff373
SSDEEP

49152:+EJ6nteJD5kZS4SQsZbBfZCEoEgjUKhq7ZwYo5rRW8xn4:+EJ6CD5kZSYsZbv5gjvKZwYMrs8l4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118

Files

642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d40bc480e12e051517b79781d48e6206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetKeyboardType
CreateWindowExA
DdeCmpStringHandles
ExitWindowsEx

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
DeleteCriticalSection
TlsSetValue
lstrcpyA
Sleep

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

wininet

InternetGetConnectedState

wsock32

WSACleanup

Sections

.text
Size: 45KB - Virtual size: 23.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE