f23ab0e8c86111d7909a159860ea987b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f23ab0e8c86111d7909a159860ea987b_JaffaCakes118
Size

167KB
MD5

f23ab0e8c86111d7909a159860ea987b
SHA1

2d55ece0fcb383dd337d379dc0da43df7374ac94
SHA256

e003f63aae67965f08e1c9fd3fb0eb5c803ca7a7eb6b8414c2f153a56a924dfb
SHA512

2cfc44ec12a59e814e4004c27c59ee4448968dde453b85c7d8aa8ea41b071e692434cf24eef4dbdc9d603cb949392e4bdbc27132b9994b4c003f3018b0bb18b7
SSDEEP

3072:5qesevzOaWnKwuFrNu/v9KwKMw/A5M3o1AllB9QTsOD1zWU1SylVBiX:5qe9ARCc/lKwKr/X1lB9gz1H13iX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f23ab0e8c86111d7909a159860ea987b_JaffaCakes118

Files

f23ab0e8c86111d7909a159860ea987b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6642a4e5af84998dc3dadebb0db7e9d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

user32

ExcludeUpdateRgn
FlashWindow
ValidateRect
DestroyWindow
IsWindowEnabled
UpdateWindow
GetCapture
ValidateRgn
SetCapture
IsWindow
InvalidateRgn
RealGetWindowClassA
ReleaseCapture
EnableWindow
GetUpdateRgn

kernel32

FileTimeToLocalFileTime
CreateFiberEx
SetErrorMode
IsBadReadPtr
LocalFileTimeToFileTime
SystemTimeToFileTime
LCMapStringW
LoadResource
LocalAlloc
SetThreadAffinityMask
GetSystemDirectoryW
GetShortPathNameW
FindNextFileW
GetLocalTime
EnumResourceNamesW
LocalFree
GetStringTypeW
SetThreadPriority
FindFirstFileW
SetCurrentDirectoryW
FreeLibrary
FileTimeToSystemTime
SetEnvironmentVariableW
FindResourceW
CompareStringA
GetCurrentProcess
GetOEMCP
FindClose
SearchPathW

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imul
Size: 512B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ