ec45b7616e0e5d9a4c5a8e8ea72aed79_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec45b7616e0e5d9a4c5a8e8ea72aed79_JaffaCakes118
Size

226KB
MD5

ec45b7616e0e5d9a4c5a8e8ea72aed79
SHA1

8f76514f7417963137b757fe0d8a2746f1bdb2e3
SHA256

44ce5d1c177326776bfd5107e9a1e119c5cbdb79c7fd2ca754c27e0405bad335
SHA512

23cae1fc1ebacdcb25d4f7b0cd574b44011b9c899f67dab0f3d477f09878adfd908143aeeb889d3d30705a4c8d61bf4da75e83022b4b57d814989883c4c73927
SSDEEP

6144:ViKm7b8WaAAE9DrB0haBUms9zWWi4HzHAsqfVs:VJm7kAAwrm9TzgXs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec45b7616e0e5d9a4c5a8e8ea72aed79_JaffaCakes118

Files

ec45b7616e0e5d9a4c5a8e8ea72aed79_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c248ce9451f3e9d9d7e8e8628f3a6a70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess
GetStartupInfoA
GetVolumeNameForVolumeMountPointW
GetSystemDefaultUILanguage
FreeEnvironmentStringsW
MultiByteToWideChar
Module32FirstW
HeapCreate
CheckRemoteDebuggerPresent

user32

DdeSetQualityOfService
GetScrollPos
GetKeyboardState
GetDlgItemTextW
CreateMenu

advapi32

RegEnumValueA
LogonUserExA
ReadEventLogA
IdentifyCodeAuthzLevelW
ElfReportEventA
CopySid
ElfOpenEventLogW
ElfOpenEventLogW

ws2_32

WSAUnhookBlockingHook
WSCGetProviderPath
WSANSPIoctl
WSASetServiceA
getsockname
WSAEnumNameSpaceProvidersW

shell32

CommandLineToArgvW
SheChangeDirExA
PifMgr_GetProperties
CheckEscapesW
ExtractIconA
SheSetCurDrive

gdi32

GetClipBox
GdiEntry15
CreateDIBitmap
GetTextMetricsW
DdEntry3
GetStringBitmapA
GdiEntry16
GetEUDCTimeStamp
GetViewportExtEx

Sections

.text
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ