a970d586c86e005e573feec7289a01ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a970d586c86e005e573feec7289a01ad_JaffaCakes118
Size

803KB
MD5

a970d586c86e005e573feec7289a01ad
SHA1

1d5d119c6a33fd87e3a7341914be13d2b2838fd7
SHA256

59df9fc2f534761b6414e04bd3f62951c2b83198910746da2142772c82e3bd32
SHA512

e72f52bf5a326e547a2e0fd751489f999eab8beb9037856b58539c631f9d3a54ff2df06012d951475aa4847e712459f2e78b864700efbb9a891b62c6d8dd93bc
SSDEEP

12288:XEYJ8TGHPpjQiTU1HeYcUxyNwtdK994MJAvhNnTF7OZT2Iy14pP+UjtVfNHCJCL:ETGBjQi2HeLUxHG9DDx2Iy1ovtFQ8L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a970d586c86e005e573feec7289a01ad_JaffaCakes118

Files

a970d586c86e005e573feec7289a01ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bcac3fa2e9fb9de64088d544307059fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
LocalFree
GetModuleHandleA
HeapCreate
PulseEvent
GetCurrentDirectoryA
GetCurrentThreadId
FindResourceW
SetLastError
CreateProcessA
lstrcpyA
CloseHandle
UnmapViewOfFile
Sleep
LoadLibraryW
GetComputerNameA
CreateFileW
FindClose
lstrlenA
GetCommandLineA

user32

GetDC
CallWindowProcA
IsWindow
CreateIcon
FillRect
GetDlgItem
DrawEdge
DrawMenuBar
DispatchMessageA
CreateWindowExA
SetFocus
CheckRadioButton
GetCaretPos

cryptui

CryptUIDlgSelectStoreA
WizardFree
CryptUIDlgSelectCA
CryptUIDlgCertMgr
LocalEnroll

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 793KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE