f798bb02a45ae3b61055143c6d26f913_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f798bb02a45ae3b61055143c6d26f913_JaffaCakes118
Size

638KB
MD5

f798bb02a45ae3b61055143c6d26f913
SHA1

99fa4f9002bf89ea24c62d34e5fbe867e534c33e
SHA256

2e49587e490cdbd02c78f4f13050c06243d7cc378baa378b90e490b9da862a81
SHA512

1da99d70b1776d2c56670e1e75786ceb6bdbf6d77f61d7150f658bf05df651870915e04671dea76f1fb7c2a72c92da791aab0488cf2efc4ff60a2c145563b7fb
SSDEEP

12288:er9RAf5C6Ly6UrEGkN9y/4+sGzqVVdWhYVbbqonJOtQiDeLDmdh2:er9RAf5C6CAGkO/4+srXwhotnJOtQMKd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f798bb02a45ae3b61055143c6d26f913_JaffaCakes118

Files

f798bb02a45ae3b61055143c6d26f913_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ef566b7477c34cc931a593b8ec6272f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrlenA
GetCommandLineA
GetConsoleCP
HeapReAlloc
GetTickCount
WaitForMultipleObjects
VirtualProtect
LoadLibraryExA
HeapCreate
CompareFileTime
GlobalUnlock
WaitForSingleObject
GetProfileIntA
InterlockedExchange
GetVersion
GetSystemDefaultLangID
SuspendThread
AddAtomA
GetModuleHandleA
GetStdHandle

user32

DestroyMenu
ModifyMenuA
MessageBoxA
FindWindowA
GetKeyboardLayout
DispatchMessageA
CreateIcon
GetKeyState
SetWindowPos
EnableScrollBar
GetDlgItem
CreateCursor
SetPropA
CreateMenu
CopyImage
DrawCaption
GetMenuStringA
DialogBoxParamA
SubtractRect
IsDialogMessage
InsertMenuA
EqualRect
InvertRect
CopyRect
CreateCaret

netapi32

DsGetDcOpenA
DsGetDcNameA
DsRoleCancel
DsRoleFreeMemory
DsGetDcNextA

wldap32

ldap_add

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ