JaffaCakes118_3e06af248ddb559b61ca1f7f71dbf970 | Triage

Sharing

General

Target

JaffaCakes118_3e06af248ddb559b61ca1f7f71dbf970
Size

176KB
MD5

3e06af248ddb559b61ca1f7f71dbf970
SHA1

a8f2084281c715166e850eac0623886092906c26
SHA256

10cdc9b9502f48acdd743f03b4855e6418ed44e9a4ac1edbd8baf4b25dac08bf
SHA512

f731354bc3279bf39873a99c1768f09c7e6cf385ad38fec309390f0c1baf5b84522e64f168e7b3d99cf47c8268698b7221d0f4129f171f5e280903972c307a47
SSDEEP

3072:HvEnze6FODTkAnV4wNTPuLiZf923XHtN2c/9ZbH4R8qh6Z8PL0X8ue:snAywFg+CXNZ/9ZbHBZ8L0XJe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3e06af248ddb559b61ca1f7f71dbf970

Files

JaffaCakes118_3e06af248ddb559b61ca1f7f71dbf970
.exe windows:4 windows x86 arch:x86

6b123656f9b9583a814f442e7a0d2f92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA

user32

GetClassLongA
CharNextA
GetKeyState
CharLowerA

msimg32

AlphaBlend
TransparentBlt

kernel32

GetThreadPriority
GetProcessHeap
SetCommTimeouts
LoadLibraryA
EnumResourceNamesA
ExitProcess
GetProcAddress
VirtualAlloc
FreeLibrary
VirtualFree

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ