b1a66e61db134849d72fa83bf4d02921_JaffaCakes118 | Triage

Sharing

General

Target

b1a66e61db134849d72fa83bf4d02921_JaffaCakes118
Size

70KB
MD5

b1a66e61db134849d72fa83bf4d02921
SHA1

f588345da4a4d07dd84ee4ce485ac561e8a08734
SHA256

d3c592f0ed06e39c8559b2943e5d1038b40f11d79eebd4b91e82649b27fd49c9
SHA512

aa15e99043cb885a8f1a2a673081d7969b1aee26e244305cbc9ade684a957f0ca85dce5de0873ca98eef70280394ab1d6807f7a7435476d01c6768b700bcf90e
SSDEEP

768:fD3+I1L/PLeSg8rR14qnFDvQc+CFJTPA8O1CNe5s:LuI9ng8AwDbZmkN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1a66e61db134849d72fa83bf4d02921_JaffaCakes118

Files

b1a66e61db134849d72fa83bf4d02921_JaffaCakes118
.exe windows:2 windows x86 arch:x86

c8de4e4f7b3377f7bf805c0562f87029

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetTickCount
DuplicateHandle
lstrcpynW
GetLogicalDriveStringsW
WaitForMultipleObjects
LoadLibraryA
AddAtomW
CloseHandle
lstrlen
SetUnhandledExceptionFilter
SetEvent
WinExec
GetStartupInfoW
GetEnvironmentVariableW
GetCurrentDirectoryW
DisconnectNamedPipe
FreeLibrary
WaitForSingleObject
CreateSemaphoreA
GetTempFileNameW
GetVersion

user32

LoadMenuW
GetMenuItemID
SetDlgItemInt
PostMessageW
InvalidateRect
GetWindowLongW
RegisterClassW
GetDlgItemTextA
GetClassNameW
GetClassInfoA
PostMessageA
GetMenuInfo
GetSystemMetrics
wvsprintfW
LoadIconW
ShowCaret
TrackPopupMenuEx
mouse_event
LoadIconA

gdi32

SetBkColor
CreateFontIndirectW
StretchDIBits
SelectObject
CreateCompatibleDC
MoveToEx

advapi32

RegDeleteValueA

comdlg32

ReplaceTextA
ReplaceTextW

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ