d9c34949ba60949b7eed4d90ab7e4ed2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9c34949ba60949b7eed4d90ab7e4ed2_JaffaCakes118
Size

109KB
MD5

d9c34949ba60949b7eed4d90ab7e4ed2
SHA1

99934c99a3f8971385bb1dd0565e04f0b3b16690
SHA256

609f4cb7dd33eac89e8e5fb4abb98fee8246b8a6b7b0a39495209833c5eba51c
SHA512

28f57ac16d3e38a07b54c35730d5ea6578aca8e6c1eebe815eeef2298b4d4e46de87753ae00a71423d156cfeb88b94c29192caa2b9d8fb5359391cd08f170e66
SSDEEP

1536:UBo9vm1gHkfxFCkfnZYWb9fWE4UfEvsKWpcRocSNEq7SS:U6vegwXYSfNJ9eocSNMS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9c34949ba60949b7eed4d90ab7e4ed2_JaffaCakes118

Files

d9c34949ba60949b7eed4d90ab7e4ed2_JaffaCakes118
.exe windows:30139 windows x86 arch:x86

3ef1989b32b7e09792285019d08ae054

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCloseKey
RegQueryValueExW
OpenProcessToken
CloseServiceHandle
RegOpenKeyExW
OpenThreadToken
RegOpenKeyExW

user32

LoadStringW
DestroyWindow
GetMessageW
GetDlgItem
SetCursor
DestroyWindow
SetTimer
CreateWindowExW
DefWindowProcW
CreateWindowExW
GetSystemMetrics

gdi32

DeleteObject
GetStockObject
LineTo
CreateCompatibleDC

shell32

ExtractIconW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathW
ShellAboutW
Shell_NotifyIconW
SHGetPathFromIDListW

kernel32

GetModuleHandleA
GetModuleHandleW
GetModuleHandleA
lstrcmpiW
LocalAlloc
GetACP
VirtualAlloc
GetCommandLineA
ExitProcess

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 81KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ