Static task: static1
Behavioral task: behavioral1
Sample: 861690e69bc8679cd4228b12d3cea757_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 861690e69bc8679cd4228b12d3cea757_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 861690e69bc8679cd4228b12d3cea757_JaffaCakes118
Size: 14KB
MD5: 861690e69bc8679cd4228b12d3cea757
SHA1: 428bb574dc42ef7c3327a03d8fd3ea5bad135b76
SHA256: 9f7c142931b89f3214068dc2bbe4751806ad3b04e75c5fdcb8f79981db950683
SHA512: 75988aa06a68164ec4f1ed9da9ac8c0f34d2351080a7536270abfbab2df58b598cb5d66ec3d4b0c6b3e727490fa7b0fa8d8bb3937330905ded518b946cea31d1
SSDEEP: 384:XRvxKZ6gAlYfd/9QE//sQvvkDT3BmNXkva9:Bi7dVN/k8sDtmNXkO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 861690e69bc8679cd4228b12d3cea757_JaffaCakes118
Files
861690e69bc8679cd4228b12d3cea757_JaffaCakes118.exe windows:4 windows x86 arch:x86
9c3c44e33c3497ce66b2db30ad72ffc5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
WinExec
GetTempPathA
GetProcAddress
LoadLibraryA
ExitProcess
WriteFile
lstrcatA
lstrcpyA
CreateThread
DeleteFileA
CopyFileA
GetWindowsDirectoryA
GetLastError
CreateEventA
lstrlenA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
CreateMutexA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
Sleep
CloseHandle
user32
wsprintfA
GetWindowTextA
WindowFromPoint
GetParent
GetCursorPos
advapi32
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey
wininet
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle
shlwapi
PathRemoveFileSpecA
msvcrt
_stricmp
strstr
exit
_except_handler3
remove
_itoa
sprintf
strchr
fopen
fscanf
fclose
??2@YAPAXI@Z
??3@YAXPAX@Z
rpcrt4
UuidCreateSequential
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ