d3124fda3fc30163f01df698f795057b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3124fda3fc30163f01df698f795057b_JaffaCakes118
Size

225KB
MD5

d3124fda3fc30163f01df698f795057b
SHA1

c2c05c81e1a380a17313daaecbfbe5dad8f47a4c
SHA256

620829458f3e8cb8cefba490696c336075afcee283a121e9fc83d95e510797cc
SHA512

9b6346b8ba8f0e6826a8cc7c65c2371adc08e5a3eb1fdae57e7eaca142deeb5da2c07d91f3e3ea4dc3a188fe5df4d7eeabeaacf295bf5ab9a76f113238baa905
SSDEEP

6144:p14TzaJ01mTPRpk7PciAwNzszrR7NFhp9HulsV16/:YTOxJ67MOA51pIlIE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3124fda3fc30163f01df698f795057b_JaffaCakes118

Files

d3124fda3fc30163f01df698f795057b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5abee239e36179f9a636e9e57ae3de97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetLastError
GetCurrentThreadId
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
lstrcmpA
GetTempPathA
FindAtomA
ExitProcess
lstrcatA
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
GetModuleHandleA
GetThreadContext
CreateProcessA
GlobalFree
TerminateProcess
ResumeThread
VirtualFree
OpenProcess
VirtualAlloc
lstrlenA

user32

wsprintfA
OpenInputDesktop
IsWindowVisible
ClientToScreen
GetCursorPos
InflateRect
GetThreadDesktop
SetThreadDesktop
FindWindowA
EqualRect
GetFocus
CloseDesktop
GetWindowThreadProcessId

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA
OpenProcessToken

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE