fbbd8eca94bc5c0c14a58848ae1bf54f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbbd8eca94bc5c0c14a58848ae1bf54f_JaffaCakes118
Size

752KB
MD5

fbbd8eca94bc5c0c14a58848ae1bf54f
SHA1

cf915480eee882f890b6db9e10effe0df67d53fc
SHA256

55c8c3621b0af3a613a5e466a072c7bb7a448d49f47ada1f218a057dd6c01f64
SHA512

aafff1ec0007ca517fcd1cde5610c4f40c633bae31c4049491512ccee1e14eb83a9641e8624d89a45cc24357fbcfd9ac6719f5dc449ded1bd765240d3cb8fb67
SSDEEP

12288:cs7B1NSPYcBJKlU4uR2cnsIZSgbqLdxDlTsuS8MctTEZaTGX8gL31ar2MYAq2:r5WKS4S2cnZwgbClTsuStKTEZTX8Q16R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbbd8eca94bc5c0c14a58848ae1bf54f_JaffaCakes118

Files

fbbd8eca94bc5c0c14a58848ae1bf54f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d79611b246d8bc3eb6fe90c885d54fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
OpenProcess
GetStdHandle
GetCurrentDirectoryA
WaitForMultipleObjects
ExitProcess
GetTickCount
RemoveDirectoryW
GetModuleHandleA
CreateMutexA
GetStartupInfoW
DeleteFileA
HeapCreate
Sleep
GetFileAttributesA
GetConsoleTitleW
GetTickCount
GetEnvironmentVariableW
CloseHandle
GetLocalTime
HeapSize
FindClose
ReleaseMutex
CreateFileA
WaitForSingleObject

user32

FindWindowW
GetDC
GetDC
DispatchMessageW
PeekMessageA
GetDC
GetWindowLongA
FillRect
CallWindowProcW
DispatchMessageW
GetClassInfoA
GetSysColor
MessageBoxA

vbajet32

VBAGetExprSrv
VBAGetExprSrv
VBAGetExprSrv
VBAGetExprSrv

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ