d4710898b7e45551359de796cd51063d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4710898b7e45551359de796cd51063d_JaffaCakes118
Size

296KB
MD5

d4710898b7e45551359de796cd51063d
SHA1

4640a752cc9fe7890d78f86c0711c7f67d0237ec
SHA256

605de7b05317763291797fef85fa65226b029229b03960e626d3f7130589e84c
SHA512

25d8123ca547fa8277328ab401d0105ff663c5a9ceed6db15f6938577079054247fc95acf12882438f0f1570c6dfde33c805c3e4b9cc935b1835ea3660ec4c9d
SSDEEP

6144:xhVwcLsbEdaVvbqmvyd77udDSVoXBc0Uu+zef8s+OIs6:vYb/l+jdfvoXBYeEscs6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4710898b7e45551359de796cd51063d_JaffaCakes118

Files

d4710898b7e45551359de796cd51063d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

44293925d82af088b6ec9aa854995ebe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
CreateWaitableTimerW
GetFileSize
GlobalFree
FreeResource
GetCurrentThreadId
LoadResource
TerminateThread
ExitProcess
VirtualAlloc
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualFree
VirtualProtect
GetFileAttributesExW
GetPrivateProfileStringW
ReadProcessMemory
lstrcpyW
GetDriveTypeW
FindResourceExW
GetModuleHandleW
LoadLibraryW
DuplicateHandle
GetFileAttributesW
GetUserDefaultLangID
GetCurrentThread
CloseHandle
FreeLibrary
FindNextChangeNotification

user32

LoadImageW
SetForegroundWindow
GetSystemMetrics
CreateWindowExW
GetKeyState
FillRect
ReleaseDC
PostMessageW
GetMessageW
IsWindow
DialogBoxParamW
DispatchMessageW

gdi32

Rectangle
CreateCompatibleDC
CreateSolidBrush
GetStockObject
CreateBitmap
GetMapMode
GetClipBox
SetMapMode
MoveToEx
SetTextColor

advapi32

StartServiceW
RegCreateKeyExW
RegDeleteValueW

ole32

CoInitializeEx

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE