3941280cb4dc4085a16fc12e22a0d616_JaffaCakes118 | Triage

Sharing

General

Target

3941280cb4dc4085a16fc12e22a0d616_JaffaCakes118
Size

115KB
MD5

3941280cb4dc4085a16fc12e22a0d616
SHA1

0cf2679a1ba95ce9bd467fab1248a92f458b9dc8
SHA256

61afaf455ecf18c67e11cff50f54fdbaa534406bbe2da3efe77180261770038b
SHA512

55f169679f2e99b413c054a303ad45d0b19088f1a6e1a787f165fec9776efae0585c02e12460d260050152d400dad3ca99ec7eb9afcdc9155cc889b7ad6768c3
SSDEEP

3072:Ivy1kC/d4Msw/W1ZxBn/NyZOoTW5r7obvESxSycKX:ZLa1XxsHTW5rzaSyc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3941280cb4dc4085a16fc12e22a0d616_JaffaCakes118

Files

3941280cb4dc4085a16fc12e22a0d616_JaffaCakes118
.exe windows:5 windows x86 arch:x86

75f875952161a364831da7d9c2a78510

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
_purecall
wcschr

kernel32

GetModuleHandleW
GetCurrentProcessId
MultiByteToWideChar
GetEnvironmentStringsW
InterlockedCompareExchange
CompareStringW
GetStartupInfoA
LCMapStringW
WideCharToMultiByte
GetProcessHeap
SetEvent
GetProcAddress
TerminateProcess
GetACP
ExitProcess
GlobalAlloc
FreeLibrary
VirtualAlloc
GetLastError
DuplicateHandle
SetThreadLocale
FreeEnvironmentStringsA
LoadLibraryA
GetCurrentThreadId

user32

ShowWindow
SetTimer
FindWindowW
GetDlgItem
SetRectEmpty
GetCursorPos
GetWindowLongA
SetDlgItemTextW
GetWindowLongW
GetSysColor

advapi32

SetSecurityDescriptorDacl
RegCreateKeyExA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ