d41ab18fafb8178564ff673c5afa5b57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d41ab18fafb8178564ff673c5afa5b57_JaffaCakes118
Size

636KB
MD5

d41ab18fafb8178564ff673c5afa5b57
SHA1

95df7a7409c52b5e88cee84f124760e073472576
SHA256

48ce20bbc805af3a9bd5c064e850b9c5b9fbbb6321f783f63abd061e2085cef7
SHA512

a9254ac3a0e6f71f0cea4bb0474fe596e9bb7becc0ab33ce381494b82808e12b7f1c9f4821bdc429767ec97523bf936c79e5ffb9a05235156ccf11ffeb743c53
SSDEEP

12288:y40E3nuWo96luZCOUGMme+xg//0oz5exq6RS9V4P3S+M0yOv:lMWpuZZUjmPS//96RoOvS+MjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d41ab18fafb8178564ff673c5afa5b57_JaffaCakes118

Files

d41ab18fafb8178564ff673c5afa5b57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

334ff63f555b05ec2ca8fae81112b4fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessVersion
GetLogicalDrives
InterlockedExchange
GetTapeStatus
GetProcessHeap
GetEnvironmentStringsA
LoadLibraryExA
GlobalMemoryStatus
HeapQueryInformation
GetCurrentThread
WaitForSingleObject
GetModuleHandleA
GetTimeFormatA
CreateIoCompletionPort
HeapCreate
GetCurrentProcessId
IsDebuggerPresent
GetACP
GetStdHandle
VirtualProtect
HeapDestroy

user32

wsprintfA
BeginPaint
FrameRect
GetWindow
FillRect
SetForegroundWindow
GetParent
ReleaseDC
EndPaint
SetActiveWindow
GetFocus
GetCursorPos
ShowWindow
DrawTextA
GetWindowTextLengthA
GetDlgItem
GetTitleBarInfo
GetClassNameA
DragDetect

advapi32

RegCloseKey
RegCreateKeyA
RegFlushKey
RegEnumKeyA
RegSetValueExA

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ