bf647e3cb88a4afdfefc127f90f979a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf647e3cb88a4afdfefc127f90f979a3_JaffaCakes118
Size

15KB
MD5

bf647e3cb88a4afdfefc127f90f979a3
SHA1

e4b22b86b33e2e2d7781918cb4f2929a5a950155
SHA256

3d223f73c4c629126a636e65f2a4f34ca308f3a23e8951430a378f3d1c9e3e8a
SHA512

1015fa406c2a6fe08ad460058c22d88e6a5828a8d8e8f4cdae2ff39f0b5350649163203a4a6ab7dd87597ba26bdfa7a061a65fec8e01d8e977e56dfb84d90d27
SSDEEP

192:+1tj/BZkFTNLEIak4ybbEOW5ad0kcbTKsPF/8ly7NKioteMff+boOHW/OXq9h:Y/UJx65+0FF/Sy7Ot05HW/OXq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf647e3cb88a4afdfefc127f90f979a3_JaffaCakes118

Files

bf647e3cb88a4afdfefc127f90f979a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5e8fa7a9353a83e190450dd90248d59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
ReadFile
CloseHandle
DeleteFileA
LoadLibraryA
ExitProcess
GetEnvironmentVariableA
CreateDirectoryA
GetModuleHandleA
FreeLibrary

user32

EnableWindow
DefDlgProcA
IsDlgButtonChecked
MessageBoxA
PostQuitMessage
LoadIconA
RegisterClassA
CreateDialogParamA
SetWindowTextA
GetDlgItem
SetDlgItemTextA
SendMessageA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegEnumKeyA

msvcrt

strncpy
memset
strncat
strlen
rename
strstr
_snprintf
strcmp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ