f014b03e18d8161e594f34293e0e1477_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f014b03e18d8161e594f34293e0e1477_JaffaCakes118
Size

64KB
MD5

f014b03e18d8161e594f34293e0e1477
SHA1

29e2eb544dc13a1255af4a77c55850eb9c1a659f
SHA256

ce2e4ac75597fed404b6af0a0a48c1a2433b6f22400cbcc7095a1faece0438d0
SHA512

7aef640390c3500324e1b52cf59928ee577f2076d131eacfb1987137bf88baa7bfd4b4caca1926d88fdf797c6f699f95fdc49b38285a28554aedfe365a086e6e
SSDEEP

1536:Zru9ifO027cHVIaxyW2FK84ZuZlTufMdT+L:Zrsib1IaAWqX4ZulTuc+L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f014b03e18d8161e594f34293e0e1477_JaffaCakes118

Files

f014b03e18d8161e594f34293e0e1477_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7079d557c066c57338fd26a07105d111

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GlobalFree
LoadLibraryA
CreateEventW
CloseHandle
GetModuleHandleW
GetProcAddress
GetUserDefaultLangID
DeleteFileW
FindResourceExW
GetCurrentThreadId
WideCharToMultiByte
ResetEvent
SetCurrentDirectoryW
CreateThread
FindResourceW
GetModuleFileNameW
MoveFileW
LockResource
WritePrivateProfileStringW
GetLocalTime
CreateFileW
FreeLibrary
lstrcpyW
LoadLibraryW
ReadFile

user32

SetWindowTextW
VkKeyScanW
GetWindowRect
GetWindowThreadProcessId
IsDlgButtonChecked
GetCursorPos
LoadCursorW
TranslateMessage
wsprintfW
MessageBoxW
CreateWindowExW
SetWindowPos
SetCapture
LoadStringW
GetClassNameW
TrackPopupMenu
OffsetRect
IsWindow

gdi32

CreateCompatibleBitmap
Rectangle
GetDeviceCaps
CreateBitmap
StretchBlt
SelectObject

advapi32

RegCreateKeyExW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
RegSetValueExW

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE