JaffaCakes118_48610ac16ade33cf81880524b81bcd60 | Triage

Sharing

General

Target

JaffaCakes118_48610ac16ade33cf81880524b81bcd60
Size

176KB
MD5

48610ac16ade33cf81880524b81bcd60
SHA1

df055481f165e0ab119facdfe68ea0335f81d706
SHA256

e22eeb0c3412f59295fbb4381705bbbfc96fe36e6d121fa38f73460c99df270f
SHA512

29f36828a0483e7097d6ba92c89975bf11bf06bdec6506dbe87786a6f1bd3977adbdf8bb76943a5cd4dc6dc44554747590d58ee57bd19b271099b9a99aaec2d8
SSDEEP

3072:JCHTWq+uy700dQAkxQlEiVW8daF9BbaTQg76u9otniuBdlXN+BRGH:kTWq+T7ldKOW8U99azSniuBh+bGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_48610ac16ade33cf81880524b81bcd60

Files

JaffaCakes118_48610ac16ade33cf81880524b81bcd60
.exe windows:4 windows x86 arch:x86

b39203fae3f3f496fa1ed348ecfe613c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

InterlockedDecrement
SetStdHandle
MultiByteToWideChar
GetThreadIOPendingFlag
WideCharToMultiByte
FreeLibrary
GetLastError
TransmitCommChar
FlushFileBuffers
CompareStringA
GetTempPathW
CloseHandle
LoadLibraryW
EnumResourceNamesW
WriteFile
CreateMutexA
LoadLibraryA
InterlockedIncrement
SetEndOfFile
CompareStringW
GetProcAddress
ExitProcess
GetModuleFileNameA
IsBadReadPtr
CreateFileW
SetEnvironmentVariableA

user32

wsprintfW
CharUpperA
GetKeyState
MessageBoxA
GetTopWindow
CharNextA
wsprintfA
CharLowerA

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ