1520d40c865b6a48f5368f7dafe9e3c0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1520d40c865b6a48f5368f7dafe9e3c0_JaffaCakes118
Size

296KB
MD5

1520d40c865b6a48f5368f7dafe9e3c0
SHA1

9e276a748c047aa013ba504c2e49533de378f590
SHA256

490474b10526678dffc0b7aead5d0d4ec575c05cc4869ccc046446704b08a8bc
SHA512

8c4dd9302024ff63960605d0bf0cc9557cd1d1af8a028c46825b61936bf9dff6b1de1178c866b4d3bf7820b513ef20311809c9675a66583472690ef38b2d1098
SSDEEP

6144:pFa/xG4yoM7Nkrgb0ExeJaHK2+MRkCwusMQOjHux+E4g74oJOV2BSbGq:pFaJG4a7Nkrgb5xeJaTdaCwusij7g74p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1520d40c865b6a48f5368f7dafe9e3c0_JaffaCakes118

Files

1520d40c865b6a48f5368f7dafe9e3c0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a5c96911281e31ccaab8ce1fd9630826

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalAlloc
GetTickCount
GetCurrentProcess
ExitProcess
VirtualAlloc
GetSystemInfo
CreateFileW
SetPriorityClass
WriteFile
ReadFile
GetCommandLineA
FindClose
FindFirstFileA
GetStdHandle
CloseHandle
CreateFileA
GetFileSize

user32

GetWindowThreadProcessId
SendMessageTimeoutA
SetForegroundWindow
LoadIconW
LoadIconA
LoadStringA
MessageBoxA

gdi32

GetStockObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA

shlwapi

StrCmpIW
SHSetValueA
SHGetValueA
PathRemoveFileSpecA
StrStrIA

msvcrt

_vsnprintf

Sections

.text3
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ