b858d3732472ad0e6b8b342e91f57efa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b858d3732472ad0e6b8b342e91f57efa_JaffaCakes118
Size

18KB
MD5

b858d3732472ad0e6b8b342e91f57efa
SHA1

7546ca9ab7ec991102cea28639493aecd05b03bc
SHA256

533226c42b7af86e90774edbfc34cb97bc049ef45e9ca1de337790bdd59b3664
SHA512

ecd574dff0a9df7ec8e4a34ed911bed60c394bc60ca29f7cec781b5c6b36ca0b1d7ba699bc0ff248a5e8140afaa8e1172098f41c05d44680575b9cedd4d653e7
SSDEEP

384:UHAVz1DHMaJiHfvVvzkwVJFHlzyGHuOQTeAS57umuOJA0Kcw23:UHAnDriHVbksn5hZFO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b858d3732472ad0e6b8b342e91f57efa_JaffaCakes118

Files

b858d3732472ad0e6b8b342e91f57efa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

478002c5d9553e7b6a150409965adbc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CloseHandle
lstrcpyA
ExitProcess
GetCommandLineW
lstrcmpA
SetFilePointer
lstrlenA
SetFileTime
GetCommandLineA
GetSystemDirectoryA
lstrcatA
GetLastError
GetProcAddress
VirtualAlloc
CopyFileA
LoadLibraryA
MoveFileA
SetCurrentDirectoryW
GetModuleFileNameA
lstrcatW
CreateMutexA
GetFileTime
WinExec
GetFileSize
CreateFileA
VirtualProtect
CreateFileW
WriteFile
GetSystemDirectoryW
GetModuleHandleW

user32

PeekMessageA
FindWindowA
wsprintfA

advapi32

RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shlwapi

StrStrIW

msvcrt

memcpy
malloc
free
srand
rand
memset

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE