b28a8f50c9fa763cc3f9075b57d8abb2_JaffaCakes118 | Triage

Sharing

General

Target

b28a8f50c9fa763cc3f9075b57d8abb2_JaffaCakes118
Size

365KB
MD5

b28a8f50c9fa763cc3f9075b57d8abb2
SHA1

5e2f779089d8801999ddd7652b2e21e3679020dd
SHA256

6604240a6feb1534095e29203406b5179dd08d99185cb72fd56a6e9d5226eea1
SHA512

811895776f5a8bde47a2d22faddd7c2c4f82ce10a68e83f68b3b56b8ecad878188a0628438d7da809fd1e64bf4a9b05ff7233d81baa625a7b3a8de8bddd8b33d
SSDEEP

6144:PWod31Ktjv+Ecn5v4xOuj5c0y42UQ8QJlAfYMa9jcM5MGqDQNOyC1O0RWT/7cwDi:LV14GEsv4guj5vPe8eOfYMkc+eDNyCYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b28a8f50c9fa763cc3f9075b57d8abb2_JaffaCakes118

Files

b28a8f50c9fa763cc3f9075b57d8abb2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5bf3d09803cfa7ddf59045b75a41fc71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryValueW

kernel32

CloseHandle
CreateFileA
CreateFileW
EnterCriticalSection
ExitProcess
InitializeCriticalSection
LeaveCriticalSection
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
clock
free
localtime
malloc
memcpy
mktime
signal
sprintf
sscanf
strcpy
strftime
time
wcscpy

user32

MessageBoxW

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ