8896b87124a0334d4a57aa3614be63cf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8896b87124a0334d4a57aa3614be63cf_JaffaCakes118
Size

242KB
MD5

8896b87124a0334d4a57aa3614be63cf
SHA1

6a4a5f2c251068693a3f18ebf1466cfb321ee28f
SHA256

c2cb0014436475820d9b6da569c21f510be7292249cf075c12f357828fbc8e62
SHA512

6d753de09379a69f45a857de599135dd0e38d8688533f11d5073baece191bf61a35d1b13af06aa0d693dd72b8866b1d532df110e9bd740663dbe7f724cb3e3b0
SSDEEP

6144:DNm3+GoihAffSA2wk7pMOhBdq7IlTkYNk7aEQq4Mfum:DcFoihqffYMOvdq7IIYZEaM/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8896b87124a0334d4a57aa3614be63cf_JaffaCakes118

Files

8896b87124a0334d4a57aa3614be63cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35ead9ab060cb789404015550d842cfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
VirtualAlloc
GetCommandLineA
TlsAlloc
GetModuleFileNameA
IsDBCSLeadByte
GetModuleHandleW
GetCurrentThreadId
GetSystemDefaultLangID
FreeLibrary
lstrcmpA
GetCurrentProcess
TlsFree
GetACP
TlsGetValue
TlsSetValue
Sleep
GetCurrentThread
GetDriveTypeW
GetCurrentProcessId
GetLogicalDrives

user32

GetDC
GetWindow
IsWindowVisible
GetFocus
ShowWindow
GetWindowLongA
GetForegroundWindow
GetSystemMetrics
BeginPaint
CreateWindowExA
GetWindowDC
RegisterClassA
GetActiveWindow
IsIconic
GetWindowTextA
GetClassLongA
ReleaseDC
GetWindowTextLengthA
UpdateWindow

advapi32

GetUserNameA
IsTextUnicode
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

clbcatq

SetSetupSave
SetSetupOpen
ComPlusMigrate
DowngradeAPL

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ