8d1b6d50a2f43defde8d184299051556_JaffaCakes118 | Triage

Sharing

General

Target

8d1b6d50a2f43defde8d184299051556_JaffaCakes118
Size

19KB
MD5

8d1b6d50a2f43defde8d184299051556
SHA1

f0067d68aefbdeab3e1916b9b1622cee3c0bd7f0
SHA256

a29336e2fce7cfc62c6e0a71e0d125644bdced8668a8fe1173235b1cc2c97e55
SHA512

91582e94a309c1615ac6940c0bb1b87c87431419ff9a6ec4310684184144e65ca36d05309741ca8e055bdc67c9e7754b695a8352cc2edaa9b9acb3a214503f67
SSDEEP

384:09gizcV0xloemqq4SeK+mDYak4m0A7b0OXfEKpVQKOKB:09PzcVyloVPYakb0ezGKB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d1b6d50a2f43defde8d184299051556_JaffaCakes118

Files

8d1b6d50a2f43defde8d184299051556_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bbff09ba8aee628770a56b553daabb4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
WideCharToMultiByte
CreateEventA
GetFileAttributesW
lstrcatA
MultiByteToWideChar
GetTempPathW
GetProcAddress
GlobalFree
LoadLibraryA
GetModuleHandleA
lstrcatW
CloseHandle
lstrcpyW
lstrcpyA
lstrcpynA
ReadFile
WriteFile
CompareStringA
RtlUnwind
CreateToolhelp32Snapshot
Process32First
SetFilePointer
lstrcmpA
CreateFileA

user32

DestroyWindow
GetWindowRect
GetFocus
wsprintfA
GetClientRect
RegisterWindowMessageA
wsprintfW
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
GetDlgItem
ShowWindow
CreateWindowExW
IsWindowVisible
SetWindowTextA
EnableWindow
CallWindowProcA
SetDlgItemTextA
SendMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteKeyW

Exports

Exports

cool
feed
plem

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ