bfdbddbdd79adaf72dd0d9ed83304655_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfdbddbdd79adaf72dd0d9ed83304655_JaffaCakes118
Size

44KB
MD5

bfdbddbdd79adaf72dd0d9ed83304655
SHA1

e6a2cd252fb7efd2f473fea994adce52518c1f16
SHA256

8e68ebcd4e6624b0bc016da601ae1eb68a0b460e3c6f4626245af8c363ca8950
SHA512

476ed779491f4c4af0104e17365110f256b0e99d1de6d5b6562f7be98803e3e67838f79beb7a90369ccfa57956fec028c8472df80528f3dd7cd5f96a698bf362
SSDEEP

768:ZfnCuXWL7cJ0IIWjACCDSwVXaEiU5xcuXefQ9wM7yafF6nb3k:ZCqWLYJ0IIWWOwIEh5mKl+afIA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfdbddbdd79adaf72dd0d9ed83304655_JaffaCakes118

Files

bfdbddbdd79adaf72dd0d9ed83304655_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f21a47669d40e04c3f8cddd5f390f2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetModuleFileNameA
GetStartupInfoA
GetDriveTypeA
GetACP
Sleep
GetLogicalDrives
GetCurrentProcessId
lstrcatA
GetCurrentProcess
VirtualAlloc
TlsGetValue
GetCurrentThreadId
IsValidCodePage
GetCurrentThread
TlsSetValue
TlsFree
TlsAlloc
FreeLibrary
GetModuleHandleA
GetSystemDefaultLangID

user32

IsWindowVisible
GetDC
GetClassLongA
GetWindowTextLengthA
ReleaseDC
UpdateWindow
GetForegroundWindow
CreateWindowExA
GetWindow
GetWindowTextA
BeginPaint
GetFocus
GetActiveWindow
OpenIcon
GetSystemMetrics
GetWindowLongA
RegisterClassA
ShowWindow
GetWindowDC

advapi32

RegCloseKey
RegOpenKeyExA
IsTextUnicode
RegCreateKeyExA
GetUserNameA
RegQueryValueExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
VerLanguageNameA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ