bf68c72bb452b0e30a270972a8ca3fda_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf68c72bb452b0e30a270972a8ca3fda_JaffaCakes118
Size

244KB
MD5

bf68c72bb452b0e30a270972a8ca3fda
SHA1

bc102418711c4dbfc1d9d3f210a85d9079f15196
SHA256

c2ed3ed1981abb447e7e02706716bd21708c40eddaf775f2c4f6e76e88d3d5de
SHA512

af37bee04cf8377ccdbc32b46c5485c5c8d3404a4e864c9b8af68631e7ef2e305f0a906ad4e649ad4211a26163f6f380f21b585dcef99e7414a2f14aba586235
SSDEEP

6144:NhbGWtl/RYfb+nx4lixeS8wtSd2nKijITrZXx:N9GWtVLsSJtCsjITrZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf68c72bb452b0e30a270972a8ca3fda_JaffaCakes118

Files

bf68c72bb452b0e30a270972a8ca3fda_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cf246f49f9cbb0902cab385313705751

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
GetProcessTimes
GetThreadPriority
GetCurrentThread
VirtualAlloc
GetCurrentProcess
Sleep
IsValidCodePage
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
ExitThread
FreeLibrary
GetModuleFileNameA
GetStartupInfoA
GetDriveTypeA
CloseHandle
TlsAlloc
IsDebuggerPresent
GetCommandLineA
LoadLibraryA

user32

GetActiveWindow
GetFocus
GetWindow
CreateWindowExA
GetClassLongA
ReleaseDC
GetWindowTextLengthA
GetWindowTextA
GetSystemMetrics
GetWindowLongA
GetForegroundWindow
BeginPaint
ShowWindow
GetWindowDC
UpdateWindow
RegisterClassA
GetDC
OpenIcon
IsWindowVisible

advapi32

RegCreateKeyExA
RegCloseKey
IsTextUnicode
GetUserNameA
RegQueryValueExA
RegOpenKeyExA

version

VerLanguageNameA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ