Static task
static1
Behavioral task
behavioral1
Sample
3cb290ce81599f3b873f670b59b14d6e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3cb290ce81599f3b873f670b59b14d6e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 3cb290ce81599f3b873f670b59b14d6e_JaffaCakes118
Size: 159KB
MD5: 3cb290ce81599f3b873f670b59b14d6e
SHA1: 1df82a696a56d406729f37191566802b17f5ba6c
SHA256: 650f826b1e88ece7d711ad312f2b662820665181bef4a3739af866d485bef5e6
SHA512: 7b9fa9b359ba3e1b0a99a748a6db446c25d7da55becb5aaf602b2447879ae216cb6deccdb9e0af6d570ab4474ac062896d762a57ed9c7d123a6778b243231912
SSDEEP: 3072:vvs7jHgY/NL4s/O9nrsnM9tMnPN9r1cfGJw/JERxdVV9/QMD74eY:UjHT/srsnPPNJ2JERxdV/H
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3cb290ce81599f3b873f670b59b14d6e_JaffaCakes118
Files
3cb290ce81599f3b873f670b59b14d6e_JaffaCakes118.exe windows:4 windows x86 arch:x86
16b93e961c05e7c8f02fc542ee315794
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetThreadPriority
InterlockedDecrement
TransmitCommChar
FreeLibrary
EnumResourceNamesW
ExitProcess
LoadLibraryW
LoadLibraryA
GetProcAddress
InterlockedIncrement
advapi32
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
user32
GetKeyState
CharNextA
GetTopWindow
CharLowerA
msimg32
AlphaBlend
TransparentBlt
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ