87e43e14e3a0cd0a483c5e8207da4787_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87e43e14e3a0cd0a483c5e8207da4787_JaffaCakes118
Size

33KB
MD5

87e43e14e3a0cd0a483c5e8207da4787
SHA1

2e4f268069f812e9746f9d79015cc1c81326409d
SHA256

2206e66c90f1c9c222c6f24b7715bbac8a68e47199eeb417727ace6d74b29558
SHA512

d478b3d10c57376a2d63e50c8af45f3b57ca9262f295d284bf2845e61e3acb02a1dd3b02f248df80e51f1c85f647482102fa755a946bd6b463e4c0c28bc90274
SSDEEP

768:rS64MhsOt6LGkDC3DrekjGGaLPGYY+aQ7Cgg:r4MRcLGkDC3nekkL+YRaT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87e43e14e3a0cd0a483c5e8207da4787_JaffaCakes118

Files

87e43e14e3a0cd0a483c5e8207da4787_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e8369b5ed0a0a1d98662593047837d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcessHeap
GetCurrentProcessId
GetModuleHandleA
GetCommandLineA
GetTickCount
GetModuleFileNameA
GetPriorityClass
LoadLibraryA
GetCurrentThreadId
Sleep
CreateThread
ExitProcess
GetCurrentProcess
GetThreadPriority
VirtualAlloc
ExitThread
GetProcessTimes
GetCurrentThread
GetStartupInfoA
FreeLibrary

user32

GetClassLongA
GetFocus
UpdateWindow
CreateWindowExA
RegisterClassA
OpenIcon
GetForegroundWindow
GetSystemMetrics
GetWindowLongA
GetWindowTextLengthA
IsWindowVisible
GetWindow
GetActiveWindow
GetWindowDC
GetWindowTextA
BeginPaint
ShowWindow
GetDC
ReleaseDC

advapi32

RegOpenKeyExA
GetUserNameA
RegCloseKey
RegCreateKeyExA
IsTextUnicode
RegQueryValueExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerLanguageNameA
VerQueryValueA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ