bbb5afffa963d6f1c1a6431f221490b5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bbb5afffa963d6f1c1a6431f221490b5_JaffaCakes118
Size

119KB
MD5

bbb5afffa963d6f1c1a6431f221490b5
SHA1

dfa73c6620bc26e77b3d9bb38d7419536d8c287e
SHA256

0ba5e9221f2102667a9d3c2145a5b26aa8f5a05d1b375311c40770262c27cb07
SHA512

93a6d85976f269c786c7ea1c7fb2afc0164d2340829c4569e4a32674e340813ac18da6c516496be31bf7ebe987ee99b5b0aa631276fc497ae3cf3670ec2abbb0
SSDEEP

1536:AEM61WFBY3lqgvtyMP2y+4fpreR5uWZQzUmrr2ZhdiOVNWCwg6QgjcfH:A81WFm77254hhWZQKdPVNspQ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbb5afffa963d6f1c1a6431f221490b5_JaffaCakes118

Files

bbb5afffa963d6f1c1a6431f221490b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5a4291021c8451fd06e2dead0501cbb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
ExitProcess
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
WriteFile
DeleteFileA
LockResource
LoadResource
CreateFileA
FindResourceA
GetModuleHandleA
GetSystemDirectoryA
GetCurrentThreadId
CreateEventA
OpenEventA
OutputDebugStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
SizeofResource
SetFileTime

user32

GetThreadDesktop
MapVirtualKeyA
VkKeyScanA
PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ