11b3176eb466d1e47bb78e533f70e311_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11b3176eb466d1e47bb78e533f70e311_JaffaCakes118
Size

171KB
MD5

11b3176eb466d1e47bb78e533f70e311
SHA1

a4a599aaf7833a6fcba3d3449dff03093a439642
SHA256

66dbcb501193e0b4ddcdf73529bfd686f0834b1b9b6e9bb5bdb5f611e2e4f70b
SHA512

febddecfc512f9604acffc12245cfbc71c68d4aa81b98e15771168239cc97bbb63cd900879df0624e3d87f57999cf12f44cfdb223e5c914e08ed59bcb7f2a83b
SSDEEP

3072:/S7Ur4dRmC+3nSkijvhslza7aVIaP/IkZ5saoMcMeP7lfDx1y7g1OF043jYpsD6G:YXmCiFiFZFa3xslHdPRfG7gky43UsFP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11b3176eb466d1e47bb78e533f70e311_JaffaCakes118

Files

11b3176eb466d1e47bb78e533f70e311_JaffaCakes118
.exe windows:4 windows x86 arch:x86

caa18307929f8acfe261353b31961392

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
FreeLibrary
GetCommandLineA
GetTickCount
GetModuleHandleA
CloseHandle
GetPriorityClass
ExitProcess
VirtualAlloc
ExitThread
LoadLibraryA
GetStartupInfoA
GetCurrentProcessId
GetLastError
GetProcessHeap
GetModuleFileNameA
GetProcessTimes
GetThreadPriority
Sleep
GetCurrentThread
GetCurrentThreadId

user32

GetForegroundWindow
OpenIcon
GetWindowLongA
ShowWindow
RegisterClassA
UpdateWindow
IsWindowVisible
BeginPaint
GetWindowTextA
GetActiveWindow
CreateWindowExA
GetWindowTextLengthA
GetDC
GetWindowDC
GetSystemMetrics
GetWindow
GetFocus
ReleaseDC
GetClassLongA

advapi32

GetUserNameA
RegCloseKey
RegCreateKeyExA
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA

version

VerQueryValueA
VerLanguageNameA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE