1289417b6d45828fb1f3514b0fdbd3bd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1289417b6d45828fb1f3514b0fdbd3bd_JaffaCakes118
Size

165KB
MD5

1289417b6d45828fb1f3514b0fdbd3bd
SHA1

78a7af7818a684b73f405fd9fdf997f029d73450
SHA256

274f365cfe368971626bb9d9d5f4ac80911f248728acb390484f868fd5c9a602
SHA512

8a63733f12a6a763fbf1229bdc040db1add658c510f07203313369c987a6ab88a1cdc6e2d1f79d9a9d98e2d26b0e94da2a7b4d44fb2c8c6bec1a8ccce0ffdee8
SSDEEP

3072:3I4gJvmYuqqKz/3yCktlCrWZ7i2WpmFJVww62r/gSiUGaScq:3NgtHHSmrW1BJuNas

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1289417b6d45828fb1f3514b0fdbd3bd_JaffaCakes118

Files

1289417b6d45828fb1f3514b0fdbd3bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55f45e53cbc9c3ba17df7a228df993ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_Destroy

ole32

OleRegGetUserType
CoRevokeClassObject
CoGetMalloc
CoRegisterClassObject
CoGetContextToken

kernel32

GetCurrentProcessId
VirtualAllocEx
GetVersionExA
lstrlenW
CreateFileA
GetModuleHandleA
GetACP
GetThreadLocale
GetCommandLineW
ExitProcess
GetProcAddress
GetCommandLineA
LoadLibraryExA
GetStringTypeA
GetOEMCP

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
GetFileTitleA
FindTextA

msvcrt

srand
pow
wcsncmp

advapi32

RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA

Sections

CODE
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ