68b1094c88ecdae142a34048459044fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68b1094c88ecdae142a34048459044fc_JaffaCakes118
Size

83KB
MD5

68b1094c88ecdae142a34048459044fc
SHA1

42d648694919c80107bc78b4b627b0bdcf784804
SHA256

5bbb4b1de8f6ffba3b298b6eedd719d8e46d2b49cc861edfbb26ed9f07d5a79c
SHA512

9543b28b2c571ac8263b926c9c40dcfdabd637ef4bbf954c310117e7495a2b0cd86af2fdf6bb55f5c6e9ebcfe89c2f41ab18b130b649771d18923629ecea5f77
SSDEEP

1536:g8qlbFXoelUAL8eChKrKOz9xzXgVy7c9nWeUiaNC7EYe2wV/pNOnoPCkrngTKOnq:g8qlbFXPuKrKs9xzXeynC7tefVPDmW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68b1094c88ecdae142a34048459044fc_JaffaCakes118

Files

68b1094c88ecdae142a34048459044fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce59fe2f9fcb10686f360875db48d750

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shlwapi

StrToIntA
wvnsprintfA

kernel32

lstrcmpA
lstrcmpW
GetCommandLineW
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
ExitProcess
lstrlenA
lstrcpyA
GetProcAddress

user32

PostQuitMessage
DestroyWindow
PostMessageA
GetWindowTextA
DestroyIcon
DispatchMessageA
TranslateMessage
GetMessageA
GetCursorPos
CreateDialogParamA
RegisterWindowMessageA
EnumWindows
SetForegroundWindow
TrackPopupMenu
DestroyMenu
wsprintfA
MessageBoxA
CreatePopupMenu
LoadIconA
EnableMenuItem
InsertMenuA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE