42dd7dbbeb3f0ca2cc0d13f6163e949c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42dd7dbbeb3f0ca2cc0d13f6163e949c_JaffaCakes118
Size

4.1MB
MD5

42dd7dbbeb3f0ca2cc0d13f6163e949c
SHA1

95134b62d1f6ee08ec3730bfc799779bb62f8e86
SHA256

a5942ae661b44fa959e4bb00527c88dd222783ce10986a9afb08a826e503a592
SHA512

5dcfc264385ec6842a0f3dd936bb8116098aca795abe75121fd2d08ad98a5e17f448c0b07d30fc06b949184a6949524dee5c35b36661110204508e7a3bbff5e2
SSDEEP

49152:A2GRDo81i5VjHqyoXtTFNEARoLWUUG+lkulSqgCNMnC:A2GRox5q39TDEAGqFJk7nC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42dd7dbbeb3f0ca2cc0d13f6163e949c_JaffaCakes118

Files

42dd7dbbeb3f0ca2cc0d13f6163e949c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

759c64956bb9d5966a0ea13df192bc06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
LocalFree
MultiByteToWideChar
ReleaseMutex
GetFileSize
TerminateProcess
GetVersionExW
TlsFree
OutputDebugStringA
RaiseException
TlsAlloc
LocalAlloc
FreeLibrary
VirtualFree
GetACP
HeapFree
CreateFileA
InitializeCriticalSection
GlobalAlloc
HeapAlloc
GetModuleFileNameW
lstrcmpiW
lstrcatW
GetLocaleInfoW
GetLastError
CopyFileExA
GetSystemInfo
lstrlenA

user32

MoveWindow
GetClientRect
GetSystemMetrics
GetWindowTextW
SendDlgItemMessageW
GetWindowLongW
CharUpperW
GetWindow
DestroyIcon
GetMessageW
PostThreadMessageW
GetKeyState
SystemParametersInfoW

gdi32

CreateDIBitmap
GetTextAlign
TranslateCharsetInfo

advapi32

GetSidSubAuthority
CryptSetKeyParam
GetUserNameA
RegEnumKeyA
DeregisterEventSource
CloseServiceHandle

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ