41b69aa3865816538069b4abfb2ae2b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41b69aa3865816538069b4abfb2ae2b7_JaffaCakes118
Size

636KB
MD5

41b69aa3865816538069b4abfb2ae2b7
SHA1

ae02af7fe7dd9ed222543b6c7b26f64b112706d2
SHA256

a15e61e8a365f0737f2d703441afa820d45eba4511026f15f1563749cf6ffe75
SHA512

51f2e1377e70e5c1d4be6d61e8cc5e80d10d452e19c23becccbc3f61739811228b27ac4829587e73fc77059070d2d8bc6f8a497432782a4cb784fc03866c9f37
SSDEEP

12288:qh9mB+K/g9xb9B5YqIizD9NT/BbgyyEFf5/knBUetEmh8i8yxwvSK4tFa96s:S9mB+D7bj5rIitNbBTfayOtwvb4tFFs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41b69aa3865816538069b4abfb2ae2b7_JaffaCakes118

Files

41b69aa3865816538069b4abfb2ae2b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21218bce2c0e1b8ce7295ad92167f94a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
HeapQueryInformation
GetTimeFormatA
CreateIoCompletionPort
GetCurrentProcessId
GetTapeStatus
InterlockedExchange
HeapDestroy
GetLogicalDrives
GetProcessVersion
GlobalMemoryStatus
WaitForSingleObject
VirtualProtect
GetProcessHeap
GetStdHandle
LoadLibraryExA
GetACP
HeapCreate
GetCurrentThread
GetEnvironmentStringsA
GetModuleHandleA

user32

ShowWindow
GetCursorPos
EndPaint
FillRect
GetWindow
BeginPaint
DrawTextA
ReleaseDC
GetFocus
GetWindowTextLengthA
GetTitleBarInfo
DragDetect
SetForegroundWindow
wsprintfA
GetDlgItem
GetParent
SetActiveWindow
FrameRect
GetClassNameA

advapi32

RegEnumKeyA
RegFlushKey
RegSetValueExA
RegCreateKeyA
RegCloseKey

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ