367e2e644512410666709c37acb36528_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

367e2e644512410666709c37acb36528_JaffaCakes118
Size

93KB
MD5

367e2e644512410666709c37acb36528
SHA1

c1413979f7b85d701750b41287b8e7a31f8ff6d7
SHA256

bc0ed8758f64872abc54ecddd14839308215d3fa7533eaab23c09a73bc37ff58
SHA512

96f77bb93de2053a7fcefdcbfd120ba63debf52330ed305531a309c1c61df2c68a364cbdc99a8b5e56dc2d89c86696dd8c4526149786721f47d263f6acb103e7
SSDEEP

768:Eur4TmoEonSk0uQdTl3G/Ao7rKqEr/Ilr5Z6VzzS2Y88888888TyOZGGKDEE4HbE:EI4JEoZ0uQdTc7OqErar+hcya5pIU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
367e2e644512410666709c37acb36528_JaffaCakes118

Files

367e2e644512410666709c37acb36528_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c2440a095b79071f00a88568f9f6a6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessA
GetCurrentDirectoryA
SetLastError
GlobalUnlock
CloseHandle
FindResourceW
LoadLibraryW
HeapCreate
FindClose
GetComputerNameA
GetModuleHandleA
GetCommandLineA
GetCurrentThreadId
lstrcpyA
LocalFree
PulseEvent
lstrlenA
UnmapViewOfFile
CreateFileW

user32

CreateWindowExA
GetCaretPos
FillRect
GetDlgItem
CheckRadioButton
DrawEdge
SetFocus
DrawMenuBar
CreateIcon
GetDC
IsWindow
DispatchMessageA
CallWindowProcA

cryptui

CryptUIDlgSelectStoreA
WizardFree
LocalEnroll
CryptUIDlgCertMgr
CryptUIDlgSelectCA

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

njjwncv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE