af594c0b78caaffaf29b04d3369f5e27_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af594c0b78caaffaf29b04d3369f5e27_JaffaCakes118
Size

18KB
MD5

af594c0b78caaffaf29b04d3369f5e27
SHA1

b6dd37a388ef29c2089768477032f461283a93de
SHA256

9033f963b46fd9408e36bef6025410550511ccf2ffd21fd38a23849c34b373c3
SHA512

67eda3f488b6c6414cdefad56a79318cdf8a791319b5a08a82574b5a0455b9996334a6f93f334bded87f53a45e1aceabc23895439e4f17859128ff3b0c181f06
SSDEEP

384:x49BZzmqnOlbKKc1w4rvojKpr6D8jjvjj2/FpYz3AWO8KBxo:xqZEb9j/jYzAfo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af594c0b78caaffaf29b04d3369f5e27_JaffaCakes118

Files

af594c0b78caaffaf29b04d3369f5e27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e98aa80118a41fc65d8ba9ce729471c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessVersion
LoadLibraryExA
GetTapeStatus
GetEnvironmentStringsA
HeapCreate
WaitForSingleObject
GetTimeFormatA
GetCommConfig
GetStdHandle
GetModuleHandleA
InterlockedExchange
VirtualProtect
CreateHardLinkA
DeleteAtom
GetLogicalDrives
GetCurrentThread
GetCurrentProcessId
IsDebuggerPresent
CreateFileMappingA
HeapDestroy
GetACP

user32

FrameRect
GetDlgItem
ShowWindow
DrawTextA
GetCursorPos
GetParent
BeginPaint
FillRect
GetClassNameA
EndPaint
GetWindow
GetTitleBarInfo
DragDetect
wsprintfA
GetWindowTextLengthA
GetFocus
ReleaseDC
SetForegroundWindow
SetActiveWindow

advapi32

RegFlushKey
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegEnumKeyA

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ