02f112f681c0ab1420308bd6cf17b240_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02f112f681c0ab1420308bd6cf17b240_JaffaCakes118
Size

420KB
MD5

02f112f681c0ab1420308bd6cf17b240
SHA1

e02931c3f8dc372bbe478d328d9e81c28042b969
SHA256

482344a7e506c4db450f778051c00159aa9a0ff0f41dbcd14ed96adbbdba1983
SHA512

25436dd8afd43f7b5d995ff88d39423b4edc89f9ce55b7e080eb18d17b306f635137eb37cf13edc882a91ed39bfa532f61e0029402a1f651655b62e5956d3b56
SSDEEP

12288:0Of4yOGWAHB1mNkljYncMrk72hXCLhdAkTp:BAZRAHB1mGCncMavp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02f112f681c0ab1420308bd6cf17b240_JaffaCakes118

Files

02f112f681c0ab1420308bd6cf17b240_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5048296f7947fe2b98bec877df09eb12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetKeyboardType
CreateWindowExA
DdeCmpStringHandles

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
DeleteCriticalSection
TlsSetValue
lstrcpyA
Sleep

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileA

netapi32

Netbios

wsock32

WSACleanup

Sections

.text
Size: 24KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE