JaffaCakes118_304f456f6c3caf0f5c865bdb32061656 | Triage

Sharing

General

Target

JaffaCakes118_304f456f6c3caf0f5c865bdb32061656
Size

173KB
MD5

304f456f6c3caf0f5c865bdb32061656
SHA1

e1f2db1849f8adffaffedf7aed0b83a373138618
SHA256

d826d58381c7c9f4ee5cbf19b8758a8230f742ca11f92c995034c5c5aaff5287
SHA512

a7bf7e7b06d214fc0193f502b1761aa27008426ed03232edf5caf0b4ec546eddd6ac5ac6a4f202bfc923f097e09bd2b8741fa23bad3910c98e02ae818fbed4fd
SSDEEP

3072:BnrPYYjyvhM2qrIvfXS6BVrt2aGLd+XrOUCV1JXLnXixqltXA:BMYjyvhMt8vfXS6BVr7GLwrOjl7nX9DQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_304f456f6c3caf0f5c865bdb32061656

Files

JaffaCakes118_304f456f6c3caf0f5c865bdb32061656
.exe windows:4 windows x86 arch:x86

cd56abde235dd892e267c4e936101d3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

kernel32

FreeLibrary
GetThreadIOPendingFlag
WriteFile
WideCharToMultiByte
CompareStringW
SetEndOfFile
GetProcAddress
CreateFileW
TransmitCommChar
IsBadReadPtr
FlushFileBuffers
GetTempPathW
EnumResourceNamesW
CompareStringA
InterlockedDecrement
CloseHandle
GetLastError
InterlockedIncrement
MultiByteToWideChar
ExitProcess
SetStdHandle
CreateMutexA
LoadLibraryW
GetModuleFileNameA
LoadLibraryA
SetEnvironmentVariableA

user32

MessageBoxA
CharUpperA
wsprintfW
CharNextA
GetKeyState
GetTopWindow
wsprintfA
CharLowerA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ