8d8eb973a7917cfed4e87c20eaeb848f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d8eb973a7917cfed4e87c20eaeb848f_JaffaCakes118
Size

178KB
MD5

8d8eb973a7917cfed4e87c20eaeb848f
SHA1

b25e9b9324775325417173c928c9a5a1d22812e7
SHA256

f846009692baeda3eda495939ca78cd9206cca85f8bdc45c065f058f221c5cef
SHA512

f8587151c9f59517d3226529cd372d6841e7ae9e65e0331f83b8f8845ceaf716fa87c8bdb8b5366a5b69458c6084153eef5aa04a409519fca546fb3ef55495b9
SSDEEP

3072:SxxcgKvEsRhW0fWNdzI2r9wZyX9dj3Bl63IE8C5DbN0OamwVY2nQU2TDmPlKvmOT:Eq+zNr9nfEDbPwVuU2+Psvm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d8eb973a7917cfed4e87c20eaeb848f_JaffaCakes118

Files

8d8eb973a7917cfed4e87c20eaeb848f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7eb9d84a41516472b724fb26ad18756

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
LoadLibraryA
IsBadReadPtr
GetThreadIOPendingFlag
FreeLibrary
GetTempPathW
GetModuleFileNameA
LoadLibraryW
TransmitCommChar
WideCharToMultiByte
EnumResourceNamesW
SetEndOfFile
MultiByteToWideChar
InterlockedDecrement
SetStdHandle
CreateFileW
CompareStringA
CloseHandle
GetProcAddress
FlushFileBuffers
GetLastError
ExitProcess
WriteFile
InterlockedIncrement
CompareStringW
SetEnvironmentVariableA

user32

CharNextA
CharUpperA
wsprintfA
MessageBoxA
GetKeyState
GetTopWindow
wsprintfW
CharLowerA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ