76a5a3a99c0d4385cab71a9d14a0c67a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76a5a3a99c0d4385cab71a9d14a0c67a_JaffaCakes118
Size

326KB
MD5

76a5a3a99c0d4385cab71a9d14a0c67a
SHA1

b7ff883f837344d294e8d07711e4bb69d9c69d4c
SHA256

8a64a3b5ad903e5c6d2d6e5100b3ba08e0ee2a5806bee78b0b5b9483f5679850
SHA512

0ceb46b940795a6d7324bd067f896e972d19d02158f073401640bd528ce14dbdcb24c6ee838b071c995e281be2c7c9c57891d1695de52e6973c8e615fbd665b4
SSDEEP

6144:pqwD+X1xQatU+1CEJp4XEt8l3aw9Y6zfJvkeitTDYWMtrDVmCfNuI2RINhoDPnrb:PO1xm+QoK0t4K3gCTDYWGrYzt+NST6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76a5a3a99c0d4385cab71a9d14a0c67a_JaffaCakes118

Files

76a5a3a99c0d4385cab71a9d14a0c67a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

078c46742cf75f036ee0f3440351c06d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
LoadLibraryW
GetComputerNameA
GetDiskFreeSpaceA
CreateThread
FindVolumeClose
Sleep
GetModuleHandleA
SetLastError
LocalFree
ResetEvent
HeapCreate
GetSystemTime
LocalUnlock
CloseHandle
GetCommandLineW
lstrlenA
GetDateFormatA
CreateFileA
UnmapViewOfFile

user32

IsWindow
GetDC
SetFocus
CheckRadioButton
GetDlgItem
GetComboBoxInfo
DrawStateA
DispatchMessageA
FillRect
DrawEdge
DrawMenuBar
CallWindowProcA
CreateWindowExA

advapi32

IsTokenUntrusted
RegCloseKey
RegDeleteKeyA
FreeSid
RegEnumValueA

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ