1b9e194f57ee9093d09e7372451cfd5c_JaffaCakes118 | Triage

Sharing

General

Target

1b9e194f57ee9093d09e7372451cfd5c_JaffaCakes118
Size

142KB
MD5

1b9e194f57ee9093d09e7372451cfd5c
SHA1

efe3d9a838eea969f088684f06dc46a7da47e8b3
SHA256

da7b8597e2712a7745e0df4862037de632b5568363f8adc2546b8eb6884df279
SHA512

c39b554795fb4689fdaa3d191366ac426f8950bcc0b6fcabdebf6758f65bc943f6bacbb1c68a35e99f986844d3e28e2a89876e0864558d7988daacd7b9f647a6
SSDEEP

1536:MygUmA0leANbNoAWanpuXjs2zcsHnYpw8PcidvinYGueln2Lq:MxUmdleANKAWapYzcmYlnvizuqnZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1b9e194f57ee9093d09e7372451cfd5c_JaffaCakes118

Files

1b9e194f57ee9093d09e7372451cfd5c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86f9dedc4246de1a9ec57fe8ba672a8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
UnmapViewOfFile
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
VirtualAlloc
GetModuleFileNameA
ExitThread
CreateThread
SetErrorMode
LoadLibraryA
GetProcAddress
lstrlenA
VirtualProtect

msvcrt

memcpy

user32

wsprintfA
MessageBoxA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE