a34bb23dbc3035f363deb4c2b561732b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a34bb23dbc3035f363deb4c2b561732b_JaffaCakes118
Size

375KB
MD5

a34bb23dbc3035f363deb4c2b561732b
SHA1

84cddc9c44763766e6661eec3e16185890e3f05f
SHA256

2ff11b8bde1b68009e0b3b97634da5b7579881f8148fa18fb12d8b4a26896c4a
SHA512

95673a136f8cf25c01a5fa1c175807bda20f2c156f2b54bab7582580bb79160964e3add540363e4c054153c1a373326ffd054e17fff850533a93561c69e744d9
SSDEEP

6144:4lLxuWeFQ6BPUVIT1k/GKF7yzJpVH3brWEQXyXQcXHZ3H3:4lLxuWoUVITa/erVHrXueNXH1H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a34bb23dbc3035f363deb4c2b561732b_JaffaCakes118

Files

a34bb23dbc3035f363deb4c2b561732b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

34859fcd6450f1ddd4370332ecd53bc2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
CreateFileW
LocalFree
lstrcpyA
FindClose
GetCurrentThreadId
Sleep
PulseEvent
GetComputerNameA
CloseHandle
HeapCreate
GlobalUnlock
lstrlenA
GetCommandLineA
UnmapViewOfFile
SetLastError
CreateProcessA
GetModuleHandleA
GetCurrentDirectoryA
FindResourceW

user32

CallWindowProcA
CreateIcon
IsWindow
DrawMenuBar
CheckRadioButton
GetCaretPos
GetDC
CreateWindowExA
DrawEdge
SetFocus
GetDlgItem
DispatchMessageA
FillRect

cryptui

LocalEnroll
CryptUIDlgCertMgr
WizardFree
CryptUIDlgSelectStoreA
CryptUIDlgSelectCA

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 299KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ