b82a139b2b6591af60380c9065993397_JaffaCakes118 | Triage

Sharing

General

Target

b82a139b2b6591af60380c9065993397_JaffaCakes118
Size

16KB
MD5

b82a139b2b6591af60380c9065993397
SHA1

3134641a166ca5cc9915797c6840fa71c6fa5529
SHA256

5ae856841007a228299d2048fcded4bd0d7faf26548f48a6aa278ea6ae9481bb
SHA512

a32e2a8d0d21af53af484954fd01a9a1123cac2e9c5386b1172e7968d727e6926a6790984bea6dd6816d07b65717a0f94453485a6ff30c385c1f80ffd44e9b3f
SSDEEP

384:IQ1tYJ5CtlLjz9rY+JabpKYIOfBae3TWG08up:nbYJ5ilLjfJrOJa8qG07

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b82a139b2b6591af60380c9065993397_JaffaCakes118

Files

b82a139b2b6591af60380c9065993397_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29b8f506a1f8c43cda7efc1e717cf2fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DeleteFileA
CopyFileA
WinExec
GetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
FindClose
lstrcmpA
FindNextFileA
FindFirstFileA
CreateMutexA
lstrcpyA
GetLogicalDriveStringsA
GetProcAddress
LoadLibraryA
GetLocalTime
GetTempPathA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
GetLastError
CloseHandle
CreateThread
lstrcatA
Sleep

user32

GetWindowTextA
GetParent
WindowFromPoint
GetCursorPos
MessageBoxA
PostMessageA

advapi32

RegCloseKey
RegEnumKeyA
RegCreateKeyA
RegDeleteKeyA

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
__p__fmode
??2@YAPAXI@Z
exit
fclose
fputs
sprintf
fopen
strstr
printf
fwrite
fread
fseek
rand
srand
time
_exit
__p__commode
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

ws2_32

gethostbyname
gethostname
WSACleanup
WSAStartup

Sections

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ