16951a08dcfcdc5358294d73f9d1d718_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16951a08dcfcdc5358294d73f9d1d718_JaffaCakes118
Size

213KB
MD5

16951a08dcfcdc5358294d73f9d1d718
SHA1

7f53bbb701406da7b2a07a9d5f5a7a4084416662
SHA256

cbdf71b295c23a39e893d72e71cf5683912a3b73c9b56ccda54dae6b3d2a1fe1
SHA512

2af3546af0bd043fface279b3edc6e367a86746a06fafac4308bb318dc30d5a6a74c5b3630aa87b562079f978d78b856d3f05012dca2d57fb0f5fd793a03a55a
SSDEEP

6144:Q/DvMQJ/CN89Iq9E+ZfzTLKlL1TH1/uBe0kSCT+q:Q/DvMqn7W+ZbapTH1Y4SHq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16951a08dcfcdc5358294d73f9d1d718_JaffaCakes118

Files

16951a08dcfcdc5358294d73f9d1d718_JaffaCakes118
.exe windows:5 windows x86 arch:x86

df257bd45de74a335274a3a8a25f367e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDesktopWindow
IsCharAlphaA
DialogBoxParamA
SetWindowTextA
EnumChildWindows
SetWindowLongW
GetActiveWindow
MoveWindow

ole32

CoCreateFreeThreadedMarshaler
CoRevokeClassObject

comctl32

InitCommonControlsEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

GetDateFormatA
SetFileAttributesA
GetStartupInfoA
IsBadStringPtrA
GetTimeZoneInformation
FindResourceExA
HeapDestroy
LoadResource
HeapFree
ExitProcess
LocalAlloc
GetProcAddress
FreeLibrary
LoadLibraryA
SuspendThread
HeapCreate
DeleteCriticalSection
InitializeCriticalSection
LocalFree

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ