3834f8458be6372a3504c8006343110d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3834f8458be6372a3504c8006343110d_JaffaCakes118
Size

34KB
MD5

3834f8458be6372a3504c8006343110d
SHA1

5150aaa7574ffd8b78a83d108220ae319ebb02f5
SHA256

d31d0806bde97e93bc427d3b88958347038b3e970e3e7a67d3a270c0070cf976
SHA512

94b5c4a37c9e9b248804f15ded72367a7539cb4d0b4588beb3cdf092732baec849312bf4f0e21289bad1945090edbfbb8a44420e0363f6f360e745bdd229d04f
SSDEEP

768:7nyaIFePYjdYRVZPPFAyYy+oanh2yQwR:Ly7FXeVtAyZaAyf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3834f8458be6372a3504c8006343110d_JaffaCakes118

Files

3834f8458be6372a3504c8006343110d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f3d41f4df80591910a96a74b5a5c536

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
DeleteFileA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
ResetEvent
GetProcAddress
GetLastError
ExitThread
lstrcatA
CreateEventA
Sleep
SetEvent
WaitForSingleObject
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
ExitProcess
CreateThread
WriteFile
LoadResource
FindResourceA
CompareStringA
Process32First
CreateToolhelp32Snapshot
lstrlenA
lstrcmpA
WaitForMultipleObjects
CreateFileA
RtlUnwind

user32

MsgWaitForMultipleObjects
CreateWindowExA
TranslateMessage
DispatchMessageA
IsWindow
DestroyWindow
wsprintfA
AnyPopup
PeekMessageA

advapi32

RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue

ole32

CoInitialize
CoUninitialize

shell32

SHGetFolderPathA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ