e23e9b907cc3cf16dc9e5ec87b0cddb5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e23e9b907cc3cf16dc9e5ec87b0cddb5_JaffaCakes118
Size

242KB
MD5

e23e9b907cc3cf16dc9e5ec87b0cddb5
SHA1

c93bba00ca62da4ecca170810fc35f7d4b9fc3b7
SHA256

488c386c0ca50b18af7971a160f04c972b264c71fb6e71b4fd514242a192348a
SHA512

632820544a660daca67593a54b3299f158f8a8e184637bae5ddf6a20f2b9661e25945dee5a54221d6027c7ec3641b0b5a8ea6fc5c9d1e47ea2c024ab01318750
SSDEEP

6144:yRm3+GoihAffSA2wk7pMOhBdq7IlTkYNk7aEQq4Mfum:yAFoihqffYMOvdq7IIYZEaM/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e23e9b907cc3cf16dc9e5ec87b0cddb5_JaffaCakes118

Files

e23e9b907cc3cf16dc9e5ec87b0cddb5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d33d1e5ec2b755d289db65748e0f32c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
FreeLibrary
GetACP
GetCurrentProcess
GetSystemDefaultLangID
GetCurrentProcessId
GetModuleHandleW
lstrcatA
VirtualAlloc
GetCommandLineA
lstrcmpA
TlsFree
GetModuleFileNameA
IsDBCSLeadByte
GetCurrentThread
GetDriveTypeW
Sleep
GetLogicalDrives

user32

GetForegroundWindow
BeginPaint
ShowWindow
GetDC
GetActiveWindow
GetWindowDC
GetClassLongA
GetWindow
CreateWindowExA
RegisterClassA
ReleaseDC
UpdateWindow
GetWindowTextA
GetWindowTextLengthA
GetSystemMetrics
GetWindowLongA
IsIconic
GetFocus
IsWindowVisible

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
IsTextUnicode

clbcatq

DowngradeAPL
SetSetupOpen
ComPlusMigrate
SetSetupSave

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ