Static task: static1
Behavioral task: behavioral1
Sample: 6997c469cbd5ddc13b6a188433d0d74d_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 6997c469cbd5ddc13b6a188433d0d74d_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6997c469cbd5ddc13b6a188433d0d74d_JaffaCakes118
Size: 120KB
MD5: 6997c469cbd5ddc13b6a188433d0d74d
SHA1: d94f7738811525bedf532bf7e3a417a6c60127ee
SHA256: bafde4f06b44148a2d914a77951620e4ddc4a9d60325f4f0126570ad9351797c
SHA512: 28e89c8b047271862012d7bf9f364dd53bddaf49b092cecd18112be5a4c72b81a3e7e7514ae4a8ddc5c5b913c7f534ca997b550fc781333a252a0e0798ece085
SSDEEP: 1536:CawuwcZbOrNhncR1zUhgKO5Ydxov6ny0cj0ti7GqRKPAE3w1:CaJZOZhcR1lYdavd5j0tifYPp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6997c469cbd5ddc13b6a188433d0d74d_JaffaCakes118
Files
6997c469cbd5ddc13b6a188433d0d74d_JaffaCakes118.exe windows:4 windows x86 arch:x86
b1cc0964766513d484ae9b1f720b24b4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt: _ftol, modf, malloc, ??3@YAXPAX@Z, free, sprintf, strncpy, strncmp, strtod, ??2@YAPAXI@Z, strrchr, _strnicmp
winmm: timeSetEvent, timeKillEvent
kernel32: CreateProcessA, WaitForSingleObject, CreateFileA, GetStartupInfoA, GetModuleFileNameA, IsBadReadPtr, HeapFree, LCMapStringA, WriteFile, MoveFileExA, OpenProcess, ExitProcess, GetProcessHeap, GetModuleHandleA, HeapAlloc, CloseHandle
user32: IsWindowVisible, GetWindowTextLengthA, GetWindowTextA, EnumWindows, MessageBoxA, wsprintfA, DispatchMessageA, GetWindowThreadProcessId, GetMessageA, TranslateMessage
psapi: GetModuleFileNameExA
advapi32: RegCloseKey, RegOpenKeyA, RegQueryValueExA
Sections
.text Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE