69cab59c3c50f37547b9183dcfd9e832_JaffaCakes118 | Triage

Sharing

General

Target

69cab59c3c50f37547b9183dcfd9e832_JaffaCakes118
Size

698KB
MD5

69cab59c3c50f37547b9183dcfd9e832
SHA1

cc5bb4a05f738921e16dd722c9d2c88b3e58e4fb
SHA256

f82000ac2283a19ce6d333d1008446dabfcd3e4b9ce8e947480b05d35146a6d3
SHA512

f2171edb2f7d3eb2250b296f9aa9ca9422a8d9ea0b58b30f04d5ad6c498c178b3294bf2b3db7b4ebc203195d07682f39824462d88b83d570102c84b9a3ea85b6
SSDEEP

12288:kbIbjjh5eSwXUQiYv5cPnzjvfc07vImfHK3abEF+DQHFsSUxivrVWih/:6CfmDRMnzjfc07vIeHK3abECNqVv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69cab59c3c50f37547b9183dcfd9e832_JaffaCakes118

Files

69cab59c3c50f37547b9183dcfd9e832_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b910458a40d9052bb0f1d342cd79e3ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
WideCharToMultiByte
OpenEventA
ExitProcess
SystemTimeToFileTime
GetCurrentProcess
OutputDebugStringA
GetConsoleMode
TlsAlloc
GetThreadLocale
IsBadCodePtr
LoadLibraryA
VirtualQuery
lstrcmpW
GetProcAddress
TerminateProcess
LocalFileTimeToFileTime
GetFileType
HeapAlloc
GetDateFormatA
FormatMessageW
FreeEnvironmentStringsA
DisableThreadLibraryCalls
GetOEMCP
DeleteFileW
VirtualAlloc
Sleep
InitializeCriticalSection
DeleteCriticalSection

msvcrt

_exit
malloc
memset

advapi32

RegQueryValueExW
RegEnumValueW
GetLengthSid

user32

SetWindowRgn
GetMenuItemCount
GetWindowRect
GetFocus
SendMessageW
GetKeyState
GetLastActivePopup
SetTimer
SetWindowPos
GetSysColor

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ