7210140b6f1747594504b43a694e5642_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7210140b6f1747594504b43a694e5642_JaffaCakes118
Size

32KB
MD5

7210140b6f1747594504b43a694e5642
SHA1

dbcb1dc16f10f1b9cbd6fb1189c854ec42f6ad49
SHA256

989a4545ec5caba6358f61dcb5d383c45b373baeea00d908f012c1568e1bb525
SHA512

96e5783bfd4c1eacce62db445551e9b742504f0450cc847b6e2de0506a14aa18b31f5c30da5575b9885fe079faf6b8ae237b41434485e271bbc07e383d2a4631
SSDEEP

768:qFyyyY66wWoVFPPOzcy4DlCUuYhy3iRT:4yvNJyxUu2yiT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7210140b6f1747594504b43a694e5642_JaffaCakes118

Files

7210140b6f1747594504b43a694e5642_JaffaCakes118
.exe windows:4 windows x86 arch:x86

49be30139136ec079b2d90c8cf2006d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
DeleteFileA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetLastError
ExitThread
lstrcatA
CreateEventA
Sleep
WaitForSingleObject
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
ExitProcess
SetEvent
CreateThread
WriteFile
LoadResource
FindResourceA
CompareStringA
Process32First
CreateToolhelp32Snapshot
lstrlenA
lstrcmpA
WaitForMultipleObjects
ResetEvent
CreateFileA
RtlUnwind

user32

CreateWindowExA
DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
GetParent
wsprintfA
AnyPopup
ShowWindow

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue

ole32

CoUninitialize
CoInitialize

shell32

SHGetFolderPathA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ