f9dc58b79b11d73f075fb9d30c202c47_JaffaCakes118 | Triage

Sharing

General

Target

f9dc58b79b11d73f075fb9d30c202c47_JaffaCakes118
Size

55KB
MD5

f9dc58b79b11d73f075fb9d30c202c47
SHA1

7a15ebe5eb528ba271c774ce7def2e4bc101a037
SHA256

0fe20ca871b811ff97834167382b61f1a1eab5339eae047d877f0de3ea702fbe
SHA512

0c1af6d7013656de7ecc13cbe10ef59da3b5dd0c66af4aa48ce391453d9c7d63f4c048a766d1f9a3d704cecde3a81e9d6005ab74232ec69082fa646f932f7e49
SSDEEP

1536:rBUz0bT0ZG3ocBuYJk0wFYwFWPQCJgP1x+cpBUCgnV/:rGz0bT+FST6LdCKPtOXR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9dc58b79b11d73f075fb9d30c202c47_JaffaCakes118

Files

f9dc58b79b11d73f075fb9d30c202c47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66d330ba7a1f578184d92beb456293f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
VDMOperationStarted
DeleteCriticalSection
CreateIoCompletionPort
GetFileSize
DeleteFiber
WaitForMultipleObjects
FindResourceA
GetThreadContext
WriteConsoleInputW
CallNamedPipeW
EnumResourceNamesA
SetThreadLocale
GlobalUnlock
GetCPInfoExW
RegisterWowExec
EnumSystemCodePagesW
CreateTapePartition
GetCommandLineA
ExitProcess
GetStartupInfoA

user32

MapWindowPoints
SetSysColorsTemp
FlashWindowEx
CopyIcon
SetUserObjectInformationA
UserLpkTabbedTextOut
SetClassWord
OpenClipboard
UserClientDllInitialize
BlockInput
SetSystemCursor
CheckDlgButton
CloseDesktop
GetDlgItem
MapWindowPoints

Sections

CODE
Size: 5KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE