3afb7e7eeb516316767c7f41db5c4884_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3afb7e7eeb516316767c7f41db5c4884_JaffaCakes118
Size

66KB
MD5

3afb7e7eeb516316767c7f41db5c4884
SHA1

209ca0847ff57bd482bf4d6e8455e3f1f8a86733
SHA256

edd4b9c2e73d5be431f1dd468bd62619680bc476af8ab3f0f90b50d2413e7a21
SHA512

693a29388d2bbf88aa306c507bfa45f6013e64cee1be451b598835a105c35d0bd9bdacdff419e64cc9283888d60409b78ae11479df03f54f9c5f675c76d78b2c
SSDEEP

1536:LGPAqacKjTakbpMRk67NN5LYoQGVlrTz7oUV:CPiciTakbGk67NEoQulH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3afb7e7eeb516316767c7f41db5c4884_JaffaCakes118

Files

3afb7e7eeb516316767c7f41db5c4884_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10881888e1797cd4abd256ce3460b430

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegLoadKeyA

gdi32

SelectObject
LineTo
RestoreDC

kernel32

GetLocaleInfoA
ExitProcess
IsBadHugeReadPtr
VirtualAllocEx
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
GetLocalTime
GetLastError

comctl32

ImageList_Read
ImageList_Write
ImageList_Create
ImageList_DrawEx
ImageList_Remove

user32

PostQuitMessage
IsWindowUnicode
RedrawWindow
CharLowerA
RegisterClipboardFormatA
IsCharLowerA
GetWindow
PtInRect
GetMenu
RegisterClassA

Exports

Exports

_CFquxlV
_4kupw
P19tk7hX
GLxA7OmKw

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ