d24160c7db1fc8d2604d3f0ab9a2d64c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d24160c7db1fc8d2604d3f0ab9a2d64c_JaffaCakes118
Size

41KB
MD5

d24160c7db1fc8d2604d3f0ab9a2d64c
SHA1

df474a53b5fc6bfdc9f9bbc1f51ed4c271ff3561
SHA256

dadd2cb967b0e46945fe7506c2afb2e437fd86ce4463f5043ffb02e935a51ea4
SHA512

2970a153f9ff4ce32529cb5e62d9202f93918916501b63e79bed194e81bbc1103bffd35fc5004cbb384e58879948094b9753877d37f09d8a5fd89fda5c769980
SSDEEP

768:+TfY90+Kvoi+jSDzlspNH2jUM8DgpNQV+6zcI6gkALs0CxXJiIFgoI:gfG0+cKjrAjUK7ucI6LCCdao

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d24160c7db1fc8d2604d3f0ab9a2d64c_JaffaCakes118

Files

d24160c7db1fc8d2604d3f0ab9a2d64c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4032da47e728d1006432023330da4b30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BeginUpdateResourceW
CreatePipe
ExitProcess
FormatMessageW
GetBinaryType
GetBinaryTypeW
GetConsoleCP
GetCurrentProcess
GetModuleHandleA
GetQueuedCompletionStatus
GetStringTypeExW
GetTempPathW
GlobalFindAtomW
GlobalLock
MapViewOfFile
OpenEventW
RtlUnwind
SetCommMask
SetSystemTime
WriteConsoleOutputA

advapi32

AccessCheck
AreAnyAccessesGranted
BuildSecurityDescriptorA
ConvertSecurityDescriptorToAccessW
CopySid
CryptGetDefaultProviderA
CryptVerifySignatureA
GetCurrentHwProfileW
GetSidIdentifierAuthority
IsValidAcl
ObjectDeleteAuditAlarmA
QueryServiceLockStatusW
ReadEventLogW
RegQueryInfoKeyW

user32

CharNextExA
CharPrevA
CharToOemW
DdeQueryConvInfo
EndPaint
FindWindowA
GetCaretPos
GetInternalWindowPos
GetKeyboardState
GetWindowRect
InternalGetWindowText
InvertRect
IsCharAlphaW
IsWindowEnabled
LockWindowStation
MapDialogRect
SendDlgItemMessageA
SetProcessWindowStation
SystemParametersInfoW
UnhookWinEvent

Sections

.text
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE