82caa1a1409d50235c9d43142ab0cb12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82caa1a1409d50235c9d43142ab0cb12_JaffaCakes118
Size

83KB
MD5

82caa1a1409d50235c9d43142ab0cb12
SHA1

4908f14d5a9f7ce954792a289df6d43cd61449b0
SHA256

0030f95c7a078b1516423b3e68e5581bd664ecbd6dc84f124d9281c0efed8609
SHA512

beb6d662dd2e68ba12d644d51723554d4493c88f43e2f86f61abb7c73851773802f4d4d3e46506400f00a2dd0d9bf8852110ab996fbf221a37c99c8328721f49
SSDEEP

1536:cJeYre7HV2h6PfHlA4BmSwYJ98uaO5L9Uc3ED7:7dEh6P/lAI/98+5L9Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82caa1a1409d50235c9d43142ab0cb12_JaffaCakes118

Files

82caa1a1409d50235c9d43142ab0cb12_JaffaCakes118
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

fd6806f4afe744510a51c252fde52b66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
CreateThread
GetStdHandle
GetCommConfig
CreateFileMappingA
GetTimeFormatA
IsDebuggerPresent
GetThreadPriority
GetEnvironmentStringsA
VirtualProtect
GetModuleHandleA
CreateHardLinkA
GetCurrentThread
HeapDestroy
GetACP
DeleteAtom
GetLogicalDrives
GetCurrentProcess
GetCurrentProcessId
LoadLibraryExA
HeapCreate

user32

ShowWindow
ReleaseDC
GetTitleBarInfo
GetFocus
GetParent
SetActiveWindow
SetForegroundWindow
GetDlgItem
DrawTextA
GetCursorPos
GetClassNameA
DragDetect
GetWindowTextLengthA
BeginPaint
wsprintfA
FillRect
EndPaint
GetWindow
FrameRect

advapi32

RegQueryInfoKeyA
RegCloseKey
RegCreateKeyA
RegEnumKeyA
RegFlushKey

clbcatq

CoRegCleanup

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ