Static task: static1
Behavioral task: behavioral1
Sample: d64a78797dc48d7e0a7067f1cd832ee2_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d64a78797dc48d7e0a7067f1cd832ee2_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d64a78797dc48d7e0a7067f1cd832ee2_JaffaCakes118
Size: 42KB
MD5: d64a78797dc48d7e0a7067f1cd832ee2
SHA1: b56a09e856dc00b708c9d858e8f20b5786acc44a
SHA256: b8b6958477fa152a9f923935b7a91585ab58ef1e7693ea2090cfa0705724eaa7
SHA512: d456b37d8c38ad7451cf53a54217dde80e3f00d9568a681d80fb2e728ecd7584675ce3d4a4ae5200aa66d54ed37191e2f7bbf82fcc21ba5540c391fd4257efcb
SSDEEP: 768:KN1XroRU2heZ1RdCM0Ko77HotHiTZhafJhP:CXroRrqfQwc2X
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: d64a78797dc48d7e0a7067f1cd832ee2_JaffaCakes118
Files
d64a78797dc48d7e0a7067f1cd832ee2_JaffaCakes118.exe windows:0 windows x86 arch:x86
811c687e55e70e203ed5ebb65eecf668
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateNamedPipeW
lstrcmpiW
VirtualAlloc
GetAtomNameA
SystemTimeToFileTime
FreeLibrary
GetProcessHeap
OpenMutexW
GetVolumeInformationA
CreateSemaphoreW
ExpandEnvironmentStringsW
user32
RegisterClassW
GetTopWindow
SetActiveWindow
UnregisterClassA
IsChild
EnumWindows
GetWindowTextW
FindWindowW
WaitForInputIdle
InsertMenuItemW
SetScrollPos
gdi32
StretchDIBits
CreateDIBitmap
TextOutW
DeleteObject
advapi32
RegCreateKeyExA
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 865B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ