05becf7392130ebc0eb498ed18be1071_JaffaCakes118 | Triage

Sharing

General

Target

05becf7392130ebc0eb498ed18be1071_JaffaCakes118
Size

293KB
MD5

05becf7392130ebc0eb498ed18be1071
SHA1

0d4f4fd810c9e2d8d1716e030c67ec520fb072f6
SHA256

60d11780cb14b864d8e7bf40b2260eed10d74f0ec4a9a4cc76865cf9666868e8
SHA512

a4791212299f3d8850dfc8b15b025ec81694ca14a9ecfe61f24aac5d1b4fa6b90f3098fdd91daab1c53227acc6a0f72345d9e57a3bb3710fa408493ba67f8324
SSDEEP

6144:PGw+5xW7Zgk8PY9hMvbCl7AXG0LlUWnsDqfIv2QJmDBN/e54:+nTEZg5Y9hMvWed7LfLQJqB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05becf7392130ebc0eb498ed18be1071_JaffaCakes118

Files

05becf7392130ebc0eb498ed18be1071_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6f58f7e95aebf905f2a31bbe8ece472

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileIntA
GetAtomNameA
CloseHandle
GlobalUnlock
InterlockedExchange
FindAtomA
GetStdHandle
GetVersion
TlsGetValue
LoadLibraryA
GetConsoleCP
GetACP
GetTickCount
HeapWalk
CompareFileTime
WaitForSingleObject
lstrlenA
TlsFree
GetModuleHandleA
VirtualProtect
HeapReAlloc

user32

InflateRect
SetPropA
GetDlgItem
GetScrollRange
GetMenuStringA
CreateCaret
TranslateMessage
SetWindowPos
CopyRect
ShowWindow
DispatchMessageA
InsertMenuA
PostMessageA
DialogBoxParamA
EnableScrollBar
UpdateWindow
GetMenu
ModifyMenuA
PaintDesktop
GetWindowTextA
GetKeyboardLayout
SubtractRect
PostQuitMessage
MessageBoxA
EqualRect
DestroyMenu
LoadIconA

msi

MsiDoActionA
MsiGetMode
MsiCloseHandle
MsiEnumClientsA
MsiEnumProductsA

ws2_32

WSAAccept

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ