Static task: static1
Behavioral task: behavioral1
Sample: a4a1a0371fff978545fbf0e3dd443a0c_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a4a1a0371fff978545fbf0e3dd443a0c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a4a1a0371fff978545fbf0e3dd443a0c_JaffaCakes118
Size: 46KB
MD5: a4a1a0371fff978545fbf0e3dd443a0c
SHA1: f6241c92a143652944140b8b5cfd29b01f33cef2
SHA256: 610f50a47a55e3e5faf1b16690fec0521cd717af19fa3430b01aabd729ad1c63
SHA512: d14d81b81adacecfe8c70d532b534037d19f37fc939e0ee0d9ef6ef0625c973a2892ba05d6583cf01da82d3dd5c7056df660bc37b595abc4ea30ec54ea34edc3
SSDEEP: 768:JaGHu0tgfWrdWvPmvDbK8DS8AkuIimsLdT6a47DsLhVU05gZPmkkY/FbTeYof:Du0tagdNbmk2msLLim5Qv3eYi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a4a1a0371fff978545fbf0e3dd443a0c_JaffaCakes118
Files
a4a1a0371fff978545fbf0e3dd443a0c_JaffaCakes118.exe windows:5 windows x86 arch:x86
643366a242a0c7ab49d73e5c223d7c46
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
SizeofResource
LoadResource
LockResource
GetModuleHandleA
VirtualFree
VirtualAlloc
AddAtomA
FindAtomA
GetProcAddress
FreeResource
ExitThread
user32
UnregisterHotKey
UpdateWindow
WindowFromPoint
WaitForInputIdle
UnpackDDElParam
ValidateRect
wvsprintfA
UnloadKeyboardLayout
ValidateRgn
TranslateMDISysAccel
VkKeyScanExA
advapi32
CryptReleaseContext
CryptGetHashParam
CryptExportKey
RegConnectRegistryA
CryptGenRandom
RegCloseKey
CryptHashData
CryptSetProviderA
CryptGetUserKey
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 956B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 141B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ