03de926155e14dcdcb26db37853a3c55_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03de926155e14dcdcb26db37853a3c55_JaffaCakes118
Size

411KB
MD5

03de926155e14dcdcb26db37853a3c55
SHA1

c615cf93eace266e4aa7622ac0cd3838d2e88b76
SHA256

494965adb10b86d4c1abfaabc82e9732cb2692c7abc4a6a2919a6ce3b5d6ad3e
SHA512

1940d0ec053360bdd93e27830e6da1974467f890f21fdebe89298c72665989699c7feacc46d0be8bb4e61021e50842265816a636bce3901359552fb30d91965c
SSDEEP

12288:RvshjBkmTPMk8Cx5fNRBBbY548VH1s8OJjFjzmzNFS:pOWYMJQNRBSfB1s8O1F/kFS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03de926155e14dcdcb26db37853a3c55_JaffaCakes118

Files

03de926155e14dcdcb26db37853a3c55_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12d2bb298485f3b358a0b58c6c0cfab0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetStringTypeExW
GetVolumeInformationA
GetShortPathNameA
RtlUnwind
WriteProfileSectionA
GetTempPathW
GetCurrentProcess
GetProcAddress
VirtualAlloc
CreateFileMappingA
GetPriorityClass
HeapReAlloc
InterlockedIncrement
AllocConsole
lstrcpyW
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
FormatMessageA
ReadConsoleOutputCharacterW
WritePrivateProfileStructA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetFileType
GetTempFileNameW
GetProfileStringA
QueryPerformanceCounter
FindResourceExW
LocalUnlock
TlsGetValue
VirtualQuery
GetCurrentThreadId
CopyFileExA
HeapAlloc

user32

ReplyMessage
GetDialogBaseUnits

comdlg32

GetSaveFileNameA
PrintDlgW
ReplaceTextW
GetFileTitleW
ChooseColorW
ReplaceTextA
FindTextA
GetSaveFileNameW
GetFileTitleA
GetOpenFileNameA

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ