0b5ea726413e6a3c0ac8e1c15f0528b5_JaffaCakes118 | Triage

Sharing

General

Target

0b5ea726413e6a3c0ac8e1c15f0528b5_JaffaCakes118
Size

260KB
MD5

0b5ea726413e6a3c0ac8e1c15f0528b5
SHA1

533a6d3ac96657a20d0a318527f494fd6b704179
SHA256

bc04e4587532a19c8265e92078b14991947e4e115c8de9273cd429d8fe5c06aa
SHA512

ff7b141e5ae450b55b29437379f50d40acfb3a30e0f469d525a56e37e3dd1489cbebf151f37c5126b02159d1b4f5d87ed6ba87ff127543a53837dbb96a7eaa5d
SSDEEP

6144:54e9lk1D/Cpl427csiAw9237BWGf3cCmMc1dM97qD7yk:5v9lyKT4eBiJ23FPNmM0S97qak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5ea726413e6a3c0ac8e1c15f0528b5_JaffaCakes118

Files

0b5ea726413e6a3c0ac8e1c15f0528b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71dac6cd42ff967fae94fd39d5fb74b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommState
IsBadStringPtrA
EnumResourceLanguagesW
EnumResourceNamesW
SetMailslotInfo
Sleep
GetLongPathNameA
TlsAlloc
GetDateFormatA
GetTickCount
GetTapePosition
SetTapePosition

user32

GetClipboardFormatNameW
wsprintfA
ChildWindowFromPoint
ChangeDisplaySettingsW
DlgDirListW
DlgDirSelectComboBoxExA
GetTopWindow
IsCharUpperW
LoadStringW

gdi32

ModifyWorldTransform
CreateHalftonePalette
StretchDIBits
StretchBlt
EnumFontFamiliesExW
CreateCompatibleDC

ws2_32

sendto
bind
socket
htons
WSAStartup
recvfrom

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE