db0aca8ca47ca49c064e3d3949aa5cec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db0aca8ca47ca49c064e3d3949aa5cec_JaffaCakes118
Size

96KB
MD5

db0aca8ca47ca49c064e3d3949aa5cec
SHA1

3d457aec2d1bd49b1f58b5d3731af286da6f10bb
SHA256

f764d744a8df83bb2562d4dc9c9b9824a0353b6381882f607f122f6c88a01447
SHA512

62766a893970ac9e0e988254e4dddfe3c878a50259116dccb35e0e35359d063449d9e722f51cb49d56249e7205ce33e4d9220178ea4b57a6eecebd3a9ee84868
SSDEEP

1536:UhDPlLoY/23RKDHGU/VKQZ9r+EaSzQEE0KvA2mRhspdzBJtw/0kKeVruw/Z4Ro7:dYOEDmUEQZ9r+EaSzuvA2EWdzB4KWuUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db0aca8ca47ca49c064e3d3949aa5cec_JaffaCakes118

Files

db0aca8ca47ca49c064e3d3949aa5cec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d5416b819e9ad13ab12964674e30d80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
DeleteFileA
CreateMutexA
ExitProcess
SetFilePointer
CloseHandle
HeapReAlloc
GetComputerNameA
GetVolumeInformationA
GetProcessHeap
GetModuleFileNameA
GetLastError
CreateFileA
HeapFree
IsBadReadPtr
GetCurrentProcess

ole32

CoUninitialize
CoTaskMemAlloc

user32

SetWindowLongA
GetWindowLongA
TranslateMessage
DispatchMessageA
PostQuitMessage
GetSystemMetrics
DefWindowProcA
CreateWindowExA
LoadIconA
DestroyWindow

oleaut32

SysFreeString
SysAllocString

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ