Static task: static1
Behavioral task: behavioral1
Sample: aa30d442578877f0a48efc0b4153fcc7_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: aa30d442578877f0a48efc0b4153fcc7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: aa30d442578877f0a48efc0b4153fcc7_JaffaCakes118
Size: 160KB
MD5: aa30d442578877f0a48efc0b4153fcc7
SHA1: e92c69319cb852ce17a1b01111352369c2b8ae83
SHA256: 327526f0d77c8b3fb495b46dcddf9273cdc00b48c9430097cc4c29d2a35a29e9
SHA512: 1c9b56f6845ca563f75a5120cd24d25b1eef8767e5ff9f5855c132af6b45f3fb830a666a10be347b4ef2f109d6244b6f445231d4c12c9ca39a2d7b86ef3b052d
SSDEEP: 3072:/vZBBtUObEX17zkD07KArPfUuavEHRM3r89Gcide:LPUO0kD9G3tsEx884cid
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa30d442578877f0a48efc0b4153fcc7_JaffaCakes118
Files
aa30d442578877f0a48efc0b4153fcc7_JaffaCakes118.exe windows:4 windows x86 arch:x86
e208d2a250b8a9735cfd0b08e961fca0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msimg32
AlphaBlend
TransparentBlt
advapi32
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
user32
wsprintfA
wsprintfW
MessageBoxA
GetTopWindow
CharNextA
GetKeyState
CharUpperA
CharLowerA
kernel32
GetThreadPriority
FreeLibrary
TransmitCommChar
LoadLibraryW
EnumResourceNamesW
InterlockedDecrement
LoadLibraryA
InterlockedIncrement
ExitProcess
GetProcAddress
MultiByteToWideChar
Sections
.text Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ