42463bc6745bb003802606a30566933f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42463bc6745bb003802606a30566933f_JaffaCakes118
Size

28KB
MD5

42463bc6745bb003802606a30566933f
SHA1

e43fe49e14481b801555a6146c3a20d4a16a9ef1
SHA256

1ecd95479ac845eb99d827c1af9125c902324dc046bdba04da55dd36c89b655a
SHA512

83d4acf31163d52ffbac2d27eec6e2cb7138460d592977b0ab58c83723ea9666bc5e1c6c1f098529fa2c234d8790c2dec7776e6e33018937970c121a73230fda
SSDEEP

768:GZSB2BPCfCfRdRtRaRZRlRVRiRoRqRJR0RyRStjMr8XHXr8Cz1cO:LMreHc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42463bc6745bb003802606a30566933f_JaffaCakes118

Files

42463bc6745bb003802606a30566933f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21a9bdb946ada4c58717e35dc26280e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
OpenEventA
SetEvent
Sleep
DeleteFileA
GetCurrentProcess
CloseHandle
GetModuleHandleW
ReadFile
FindNextFileW
GetProcAddress
VirtualQuery
ExitProcess
GetModuleHandleA
GetCommandLineA
OpenProcess
GetShortPathNameA
GetEnvironmentVariableA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
lstrcpyA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange

user32

CharUpperA
MessageBoxA
ExitWindowsEx
wsprintfA
PeekMessageW

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegOpenKeyW
LookupPrivilegeValueA

shell32

ShellExecuteExA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE