b69378dcbf01c3a032b65fd50fa18621_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b69378dcbf01c3a032b65fd50fa18621_JaffaCakes118
Size

1.0MB
MD5

b69378dcbf01c3a032b65fd50fa18621
SHA1

fb13e2288b1117dc98262224f40de7e4294f6cc7
SHA256

ec682778f0be957b54ce1874ea235244e5a4ccf58ac2b80d18f6e3c4e8a40dd5
SHA512

b2c247a263ce20c46e6d3bd75d3c41671b5ce6e79a2f52a3be3ba7423ad6e546ab978793cfab9f3170aceb556b01b57c339f0dd87dea24f11b7c9b05e9184989
SSDEEP

24576:4HCay3EdSDBQBfUApuHsEnYbaEEHBvPx/55AwgG5H15ZL:4iaylVzZYmphl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b69378dcbf01c3a032b65fd50fa18621_JaffaCakes118

Files

b69378dcbf01c3a032b65fd50fa18621_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60b0240563b42141a49ae17d4945f842

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??2@YAPAXI@Z
atoi
_ftol
toupper
??3@YAXPAX@Z
sprintf
strrchr
free
malloc
strncmp
strncpy
modf
memmove

user32

GetSystemMetrics
wsprintfA
EndDialog
LoadIconA
SetWindowTextA
SendMessageA
SetWindowPos
GetDlgItem
DialogBoxParamA
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
FindWindowA
MessageBoxA

kernel32

HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetModuleHandleA
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetCommandLineA
LCMapStringA
HeapFree

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 988KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE