f06c71490d2d3614367b8846d78d45df_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f06c71490d2d3614367b8846d78d45df_JaffaCakes118
Size

863KB
MD5

f06c71490d2d3614367b8846d78d45df
SHA1

53456fea35c9a33560c91e9c37cf5e72611ff168
SHA256

5c9a47dc1685cf733d4f5b36cc2c381edaefe6084b522b7e250d6fc491672184
SHA512

017d0735ee83637dd718502836595c409266b4a4ee68e3d5b9058dd01ed6f86da1119570ef061082893b0857a221a59ecbbfb808fde87f165c06a7dce5145308
SSDEEP

24576:XiW7ZnxExRwZMH3XUxHUi8QYs4aopk78rBN:yW9nxExyZMU2i8Qt45v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f06c71490d2d3614367b8846d78d45df_JaffaCakes118

Files

f06c71490d2d3614367b8846d78d45df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78e5be0368cd125d8c3367e824ddb7a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetCurrentProcessId
EnumCalendarInfoW
ReadFile
GetModuleFileNameA
GetFileAttributesA
FindAtomA
SetLastError
CreateMailslotA
GetProcessTimes
GetPrivateProfileStringW
GlobalFree
HeapDestroy
GetCurrentThreadId
HeapCreate
LocalFree
GetModuleHandleA
GetPriorityClass
EnterCriticalSection
SuspendThread

user32

DispatchMessageA
GetKeyboardType
IsWindow
GetSysColor
GetKeyState
GetWindowLongA
DispatchMessageA
CallWindowProcW
GetWindowInfo
GetClassInfoA
DrawTextW
GetClientRect
SetFocus

colbact

DllGetClassObject
DllGetClassObject
DllGetClassObject
DllGetClassObject
DllGetClassObject

desk.cpl

DeskSetCurrentScheme

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ