Static task
static1
Behavioral task
behavioral1
Sample
137326dcf196911912a1befe9fb5ed88_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
137326dcf196911912a1befe9fb5ed88_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
137326dcf196911912a1befe9fb5ed88_JaffaCakes118
Size
19KB
MD5
137326dcf196911912a1befe9fb5ed88
SHA1
53ab83595fde7f8bedcb4d48a51931bafc9c6960
SHA256
e012f47c656d33ca460afaa96a72143c21f85ea1447cba1c5eee340040878465
SHA512
bb25dcb0490e341ba440c71d3397c32f060f7683e6d994634d83cc92edcfdc03d5b21f479f6dafcc5f24e077dc0f4f663f8998fe2aec9d8a6bf90289ad8e7d6e
SSDEEP
192:+0dgXoMON+EPDxXMxsrQXi/hUEyGrhllfu4+oOFL0d9mB9HpJTOREIDSBgRPIHzC:bmPObXZny8W6iB9HbOOk8CnZ/KoTpH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 137326dcf196911912a1befe9fb5ed88_JaffaCakes118
Files
137326dcf196911912a1befe9fb5ed88_JaffaCakes118.exe windows:4 windows x86 arch:x86
3843966c4b373a88dcabf69ed89c3d0d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadProcessMemory
GetCurrentProcess
GetProcAddress
GetModuleHandleA
Process32Next
lstrcmpiA
CloseHandle
Process32First
FreeLibrary
GetModuleFileNameA
WriteProcessMemory
VirtualAllocEx
ExitProcess
OpenProcess
GetOEMCP
GetACP
LoadLibraryA
Sleep
TerminateProcess
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
LCMapStringA
LCMapStringW
RtlUnwind
GetStdHandle
WriteFile
GetCPInfo
user32
GetWindowThreadProcessId
MessageBoxA
FindWindowA
advapi32
GetUserNameA
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE