dd3aa0dfb4644938887627691c441ce4_JaffaCakes118 | Triage

Sharing

General

Target

dd3aa0dfb4644938887627691c441ce4_JaffaCakes118
Size

244KB
MD5

dd3aa0dfb4644938887627691c441ce4
SHA1

8a1fe36c5ab9c4892c589c6349e0890a29a29b84
SHA256

653df605b6d7409ab26c3fce4b4dfabbaa6b1deb5a6aa18cba54b1dfe2d3f825
SHA512

e4e43e2923de3c6b9020d03349bf70b626d5e719c497c72801cd09f2f4932a2c0dca4d76f7415e4e7306d5b7762373c17c9d69b50860ad1a6676055fd183b898
SSDEEP

3072:zaMSOePHDkUe0mVZLTYNAUnSptxldQIaevadbRS/LKfuEaLeYbnfLk8GuhSi:z4b5elZLFUSLsevadF+KfhzY5b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd3aa0dfb4644938887627691c441ce4_JaffaCakes118

Files

dd3aa0dfb4644938887627691c441ce4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16d4f391428d2778a084ee75768b0dd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
TlsAlloc
GetCommandLineA
TlsFree
TlsGetValue
TlsSetValue
GetModuleFileNameA
GetCurrentProcessId
GetSystemDefaultLangID
FreeLibrary
IsValidCodePage
GetThreadPriority
VirtualAlloc
GetCurrentThread
GetStartupInfoA
GetCurrentProcess
GetDriveTypeA
Sleep
CloseHandle
GetCurrentThreadId
GetModuleHandleA

user32

GetWindowDC
ReleaseDC
UpdateWindow
GetActiveWindow
GetWindowTextLengthA
CreateWindowExA
ShowWindow
BeginPaint
GetSystemMetrics
GetClassLongA
GetDC
RegisterClassA
OpenIcon
GetWindowTextA
GetForegroundWindow
GetFocus
IsWindowVisible
GetWindow
GetWindowLongA

advapi32

GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
IsTextUnicode

version

VerQueryValueA
VerLanguageNameA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ