42ff86eff6613206f15b8d71316f952f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42ff86eff6613206f15b8d71316f952f_JaffaCakes118
Size

552KB
MD5

42ff86eff6613206f15b8d71316f952f
SHA1

7931b6321f1f1677dba9d9d6684db9f48ebd8dba
SHA256

0e7824bf3278b7713d617c3e09aa24a721de2587b3238d6eed32bf3a14521e38
SHA512

cce9dde04410d4a47a9d062ab1f3afe4b64b2201ddfb3273c6ccf8b702c761b8b58bf1798a7e57593d1a14bb23643c022250854b3ed61a4eee5a9e9e4bccad64
SSDEEP

12288:+UR91ooCC6cdItSqJ8j/BcXFlETdawD7:+UX1otQdItSrjJcXFOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42ff86eff6613206f15b8d71316f952f_JaffaCakes118

Files

42ff86eff6613206f15b8d71316f952f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1bfe1c5a198e961b76be4171c466698

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextVolumeA
CreateFileA
HeapAlloc
AllocConsole
GlobalUnWire
GetFileAttributesExA
GetVersionExA
GetLocalTime
EnumSystemLanguageGroupsA
GlobalSize
HeapReAlloc
GetLocalTime
GetProcessIoCounters
GetProcessWorkingSetSize
IsBadStringPtrA
OpenWaitableTimerA
Toolhelp32ReadProcessMemory
SetSystemTimeAdjustment
GetModuleFileNameA
MoveFileWithProgressA
OutputDebugStringA
VirtualAllocEx

advapi32

RegCloseKey
AdjustTokenPrivileges

user32

CharUpperBuffA
EnumClipboardFormats
UnhookWinEvent
DrawIcon
CascadeWindows
LoadImageA
CharNextExA
DialogBoxIndirectParamA
IsWindowEnabled
GetMenuItemID
GetUpdateRgn
DisableProcessWindowsGhosting
GetClassInfoA
MenuWindowProcA
CreateIconFromResource
GetWindowTextA
LoadMenuIndirectW
LoadIconA

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itext
Size: 516KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ