9ce2744f8ee6871fd5ac25669eda0b3a_JaffaCakes118 | Triage

Sharing

General

Target

9ce2744f8ee6871fd5ac25669eda0b3a_JaffaCakes118
Size

186KB
MD5

9ce2744f8ee6871fd5ac25669eda0b3a
SHA1

5d296666b73943911c132b396370b6ddd4c9405f
SHA256

bffab503f821b777dd1f2c76c4d234465d0ad5765d7245ba2158e113aef7ed1c
SHA512

eb36ddbcf97b3963e2aee8fcf3971231be67a59f0200810a060157fa86110e50ef58b24aa28543a8eccb32f8ffa40b5aed4a8b80f02fb75dbae0b213b1f52f6e
SSDEEP

3072:lNo9JN+d3yQbpMal0Ud72ZLa5udCq6i1KFPCuIxFzAdoEm8zFBZy41pIpzc:lNfphd7qawYk1KF1ILzsC8ZB31yp4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ce2744f8ee6871fd5ac25669eda0b3a_JaffaCakes118

Files

9ce2744f8ee6871fd5ac25669eda0b3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c219f5ea697c793c6df325202201316e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CreateFileW
LoadLibraryA
GetTempPathW
GetThreadIOPendingFlag
GetModuleFileNameA
WriteFile
LoadLibraryW
TransmitCommChar
MultiByteToWideChar
InterlockedDecrement
FlushFileBuffers
EnumResourceNamesW
CompareStringW
GetLastError
GetProcAddress
IsBadReadPtr
CreateMutexA
SetEndOfFile
ExitProcess
CompareStringA
SetStdHandle
CloseHandle
InterlockedIncrement
FreeLibrary
WideCharToMultiByte
SetEnvironmentVariableA

user32

CharUpperA
CharNextA
GetKeyState
MessageBoxA
wsprintfW
GetTopWindow
wsprintfA
CharLowerA

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ