1253fdfc991e30073ab64cd7c5ed4c0d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1253fdfc991e30073ab64cd7c5ed4c0d_JaffaCakes118
Size

359KB
MD5

1253fdfc991e30073ab64cd7c5ed4c0d
SHA1

37550631279b2f134587800eb3da70d056b5bace
SHA256

68ab4fb89e0ad3c4da4ba745b069bda958f4e2105b2451046889f6932f68e7b6
SHA512

6efb93cccb522e8a2b2ccb1cbb041c6d455ac650a31a90247d2ffd9e2b31ad75cd1c9ceca9709ca1da1b4adcc96dc175d64a934c44bc3cc070c8c6716e2c9812
SSDEEP

6144:d3LAL49rGut96qRAYRm5ylTuOMgnYMq13ah8T5ucSqncfvjSvzJefpvj374rIof:d3T9/A7YK1gNox0cSWUkJefpbJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1253fdfc991e30073ab64cd7c5ed4c0d_JaffaCakes118

Files

1253fdfc991e30073ab64cd7c5ed4c0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28ad3941ba25012e4e909c19276cdc04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA

msimg32

AlphaBlend
TransparentBlt

user32

CharNextA
GetClassLongA
GetKeyState
CharLowerA

kernel32

GetThreadPriority
InterlockedDecrement
TransmitCommChar
LoadLibraryA
EnumResourceNamesW
ExitProcess
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ