f60e962634e0b8424f4217185d118e10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f60e962634e0b8424f4217185d118e10_JaffaCakes118
Size

44KB
MD5

f60e962634e0b8424f4217185d118e10
SHA1

6955161b217093757a74effb85e9861d24f600a5
SHA256

fff342ee67ed60d00ffb64b27cab29ee030a44a78c517792b74a4bc04bb859cd
SHA512

b173f46d1203d32a3e07a9e5ab4ec4b239b09ce27dc6ebfb9fef262d7f3c00950affcf09e26df75048426982c719fd95d205ec73c427687bcf9c1c9f0830d5a2
SSDEEP

768:JJu1jRlyZkSZ7cJntBi1C69h+fmHTAm0DWKKFn6ZeUNgiU6VRAMoq:Jg1jRwSSZYJn/J0cmUWoZb+iNRA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f60e962634e0b8424f4217185d118e10_JaffaCakes118

Files

f60e962634e0b8424f4217185d118e10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d939fd2f5024a51d2d9fcc8286005781

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
GetStartupInfoA
FreeLibrary
CloseHandle
GetCurrentThreadId
GetModuleFileNameA
GetLogicalDrives
Sleep
TlsSetValue
GetACP
TlsFree
GetCurrentThread
GetCurrentProcessId
TlsAlloc
GetCurrentProcess
GetDriveTypeA
GetSystemDefaultLangID
IsValidCodePage
TlsGetValue
GetCommandLineA

user32

ShowWindow
GetWindowLongA
ReleaseDC
UpdateWindow
GetWindowDC
RegisterClassA
OpenIcon
GetWindowTextLengthA
GetActiveWindow
GetFocus
GetForegroundWindow
GetDC
IsWindowVisible
GetWindowTextA
BeginPaint
GetSystemMetrics
GetClassLongA
GetWindow
CreateWindowExA

advapi32

IsTextUnicode
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
GetUserNameA
RegOpenKeyExA

version

GetFileVersionInfoSizeA
VerLanguageNameA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ