dda7e528c848f53c65257bd03e706766_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dda7e528c848f53c65257bd03e706766_JaffaCakes118
Size

186KB
MD5

dda7e528c848f53c65257bd03e706766
SHA1

18230e4a471435ac07cfbd90026250a2439a4a62
SHA256

b5ee4025f97a7d853732b4509761e142f9e67b930b27323c6bda69f9d79e4db7
SHA512

12e85fdc56fc1ac0632e3158779bafb5f9a5efb8db9fa3f37d8aab899cd574ecd6592178e63995949f1c38c34ffc068808812e403ed3a2eae5656171715cfd0e
SSDEEP

3072:lNo9JN+d3yQbpMal0Ud72ZLa5udCq6i1KFPCuIxFzAdoEm8zFBZy41pIpzc:lNfphd7qawYk1KF1ILzsC8ZB31yp4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dda7e528c848f53c65257bd03e706766_JaffaCakes118

Files

dda7e528c848f53c65257bd03e706766_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c219f5ea697c793c6df325202201316e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CreateFileW
LoadLibraryA
GetTempPathW
GetThreadIOPendingFlag
GetModuleFileNameA
WriteFile
LoadLibraryW
TransmitCommChar
MultiByteToWideChar
InterlockedDecrement
FlushFileBuffers
EnumResourceNamesW
CompareStringW
GetLastError
GetProcAddress
IsBadReadPtr
CreateMutexA
SetEndOfFile
ExitProcess
CompareStringA
SetStdHandle
CloseHandle
InterlockedIncrement
FreeLibrary
WideCharToMultiByte
SetEnvironmentVariableA

user32

CharUpperA
CharNextA
GetKeyState
MessageBoxA
wsprintfW
GetTopWindow
wsprintfA
CharLowerA

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ