Static task
static1
Behavioral task
behavioral1
Sample
4146076999f791aaa7120013da541872_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: 4146076999f791aaa7120013da541872_JaffaCakes118
Size: 19KB
MD5: 4146076999f791aaa7120013da541872
SHA1: 4038f922116743e2148f6251ca080e14cfa00153
SHA256: c48930c816e4514dfe921550c15ad2706067ef8a2ea5ce3c6af283490b8ea5d1
SHA512: ed4b4156f9ceaf88cb236ff8ac13ad1ebc9cf7fe8f9ce693014686b0a65d7ffea3a2250ecc4fa255b87ae2950ca96e9e472f2b71f25d7ad86b6a981850a3a323
SSDEEP: 384:7kvNm1F00Q+ifkSzvtl6rsd09+p8WxNDzXpjh4:7kFm1G0Q+ifxvt0YM+NJK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4146076999f791aaa7120013da541872_JaffaCakes118
Files
4146076999f791aaa7120013da541872_JaffaCakes118.exe windows:4 windows x86 arch:x86
fbdb2a253adddb844cd57839dc1ee036
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  OpenProcess
  MoveFileExA
  GetTempFileNameA
  DeleteFileA
  CloseHandle
  WriteFile
  CreateFileA
  CopyFileA
  GetFileAttributesA
  lstrlenA
  GetDriveTypeA
  TerminateProcess
  GetModuleHandleA
  Sleep
  GetModuleFileNameA
  MoveFileA
  GetLastError
  GetTickCount
  ReadFile
  SetFilePointer
  GetLogicalDriveStringsA
  GetCurrentThreadId
  CreateToolhelp32Snapshot
  Process32First
  GetCommandLineA
  Process32Next
user32
  wsprintfA
  GetInputState
  PostThreadMessageA
  GetMessageA
advapi32
  RegEnumValueA
  RegQueryValueExA
  RegOpenKeyExA
dbghelp
  SearchTreeForFile
msvcrt
  exit
  sprintf
  ??2@YAPAXI@Z
  memset
  strstr
  strncpy
  strcpy
  ??3@YAXPAX@Z
  _stricmp
  _access
Sections
.data Size: 7KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ