962d5f88e64e8ecdd06f1ff934505c20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

962d5f88e64e8ecdd06f1ff934505c20_JaffaCakes118
Size

47KB
MD5

962d5f88e64e8ecdd06f1ff934505c20
SHA1

82e8d9fc85199a6e145e95be6fc6da3b8dea1642
SHA256

c18e6ecf5741600f005d0eb83ddcda5fccdcea0c99c7d21606e24e370358112f
SHA512

c4f36f6807073bbbbf89ae52794ec3125e73ea70a0338b44c63eb48560b44df09ebad5887ffa4c3e323a83f929765d00492addfc9d0a6ce37aa92aca9a3aa400
SSDEEP

768:HqHHQ3F0qYD/DsUEViXFYSZFW0v0LWYrrfCC1ncgtzk8xzkF263mp+H:KHrD/Dxx1ffH+ZHLtwkQFp3y+H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
962d5f88e64e8ecdd06f1ff934505c20_JaffaCakes118

Files

962d5f88e64e8ecdd06f1ff934505c20_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05237af68ea21a6a0f302ced47d66ab8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
GetModuleHandleA
FindAtomA
GetProcAddress
FreeResource
LockResource
VirtualFree
AddAtomA
VirtualAlloc
FindResourceA
SizeofResource
LoadResource

user32

VkKeyScanA
UnregisterClassA
VkKeyScanExA
ValidateRgn
UnionRect
UpdateWindow
wvsprintfA
WaitMessage
TranslateMessage
WindowFromPoint

advapi32

CryptSetKeyParam
RegDeleteValueA
CryptGetProvParam
RegQueryValueA
CryptHashData
CryptAcquireContextA
RegQueryMultipleValuesA
CryptSetProviderA
RegSetValueExA
CryptReleaseContext
CryptImportKey
RegReplaceKeyA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ