Static task
static1
Behavioral task
behavioral1
Sample
c85b974ec1484ca6872ccd967a771672_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c85b974ec1484ca6872ccd967a771672_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
c85b974ec1484ca6872ccd967a771672_JaffaCakes118
Size
46KB
MD5
c85b974ec1484ca6872ccd967a771672
SHA1
558acdfacb2386e0cae2386d4f096f5cc21917f5
SHA256
9e4a6337ad1210cd1e73a107a1124049db8ae1cdcc8f986ef9688b870d790cb2
SHA512
62689af2a1054e3f32ffc365c89152c1caa32eb662aa24490bb852049c81df7cf085dd4c01cccd3d3c1ee1d8318eb865cde8bf0b3939cfb047da8ef894eebc60
SSDEEP
768:Xm5hmQgsREBtj3mn6o+J0572iUea9WJvVf2ZsAN/3xL41YNUgr:Xm5hjg5BtTmga572oLdeqcLmCvr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c85b974ec1484ca6872ccd967a771672_JaffaCakes118
Files
c85b974ec1484ca6872ccd967a771672_JaffaCakes118.exe windows:5 windows x86 arch:x86
270b2007a6bbe8d935196f9afc023a9b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SizeofResource
FindResourceA
LoadResource
LockResource
GetModuleHandleA
VirtualAlloc
AddAtomA
VirtualFree
FreeResource
FindAtomA
GetProcAddress
ExitThread
user32
WindowFromDC
VkKeyScanExA
UnloadKeyboardLayout
UnregisterClassA
VkKeyScanA
UnregisterHotKey
WindowFromPoint
WaitMessage
TranslateMessage
advapi32
RegLoadKeyA
CryptSetProviderA
RegCreateKeyA
RegQueryValueExA
CryptAcquireContextA
RegDeleteKeyA
CryptCreateHash
CryptGetUserKey
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ