70b29b59cba0430025f9617fc895b4db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70b29b59cba0430025f9617fc895b4db_JaffaCakes118
Size

21KB
MD5

70b29b59cba0430025f9617fc895b4db
SHA1

3edb96447c1ce50d35d83e5b1e7c10c1a8293e19
SHA256

73bf805180dd8548345d8a3ad1ff81c2ad80d97e4f0ed3a645f86affd0b56a1a
SHA512

229a363336fbcd3ed42bcfaabfd73d2b4e7055e66b07f41fceb0f5bec6490c2a717dbe2e8927b5d0ee3ce8aeccf25c581d2951caa51a073ea7c33017b52bf816
SSDEEP

384:XiZcNxk2atBH5vqmxjWy8Th4PEJJhLzRne2qduu0O4Vl0+tXHRgt5KF3ogE+AkSs:yZcjk25hd6L2GiiGK4lKbT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70b29b59cba0430025f9617fc895b4db_JaffaCakes118

Files

70b29b59cba0430025f9617fc895b4db_JaffaCakes118
.dll windows:4 windows x86 arch:x86

52d9b21b73ed4368c932266338ee2b8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
HeapFree
GetProcessHeap
GlobalAlloc
WideCharToMultiByte
VirtualFreeEx
CreateEventA
GetFileAttributesW
lstrcatA
MultiByteToWideChar
GetTempPathW
GetProcAddress
GlobalFree
LoadLibraryA
OpenEventA
GetModuleHandleA
lstrcatW
CloseHandle
SetFilePointer
lstrcpyA
ReadFile
WriteFile
RtlUnwind
lstrcmpA
lstrcpyW
CreateFileA

user32

DestroyWindow
GetWindowRect
GetTopWindow
GetFocus
wsprintfA
GetClientRect
SendMessageA
RegisterWindowMessageA
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
GetDlgItem
ShowWindow
CreateWindowExW
IsWindowVisible
SetWindowTextA
EnableWindow
CallWindowProcA
SetDlgItemTextA
wsprintfW

advapi32

RegQueryValueExA
RegCloseKey

Exports

Exports

cool
feed
plem

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ