125c3927cd77237b77b7827830a6e350_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

125c3927cd77237b77b7827830a6e350_JaffaCakes118
Size

161KB
MD5

125c3927cd77237b77b7827830a6e350
SHA1

b8f646b69ceb70b3a48bff99a67d023ad5c65f80
SHA256

c983e7e175d481470395dfc0e9704986b56d7322052818ea5865ffb05cee99e9
SHA512

627189d263a39d758afc99fdff2153708de3595c4420a12136c81ddf646227c25ada852534f954adbf1c87008956d919b05d64eb47780f2cc5eabee95bb8cad9
SSDEEP

3072:QK3/DujEfro+R5xeNStqQYokg36+KP7i5Y/B/sOLw23aj7Z:QiZf0+R3ysqQY5gkzi5escwf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
125c3927cd77237b77b7827830a6e350_JaffaCakes118

Files

125c3927cd77237b77b7827830a6e350_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2191e63d431f3323aad52ffc708052a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadIOPendingFlag
CompareStringW
CreateFileW
GetLastError
WideCharToMultiByte
SetEndOfFile
TransmitCommChar
GetProcAddress
CompareStringA
InterlockedDecrement
LoadLibraryA
EnumResourceNamesW
IsBadReadPtr
SetStdHandle
LoadLibraryW
FreeLibrary
CloseHandle
WriteFile
MultiByteToWideChar
ExitProcess
GetTempPathW
CreateMutexA
GetModuleFileNameA
InterlockedIncrement
FlushFileBuffers
SetEnvironmentVariableA

msimg32

AlphaBlend
TransparentBlt

user32

wsprintfW
GetKeyState
wsprintfA
MessageBoxA
GetTopWindow
CharUpperA
CharNextA
CharLowerA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ