070481363a1483ce24c3757a47a60708_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

070481363a1483ce24c3757a47a60708_JaffaCakes118
Size

305KB
MD5

070481363a1483ce24c3757a47a60708
SHA1

e47bd4412b7337487195e165ee2c469885e0af5a
SHA256

fffde7f53749abc298cd8b112303ebbbc99b35a92cb75b60058ebb739ae92d54
SHA512

54fa329fb6708a9cca5d05898d73a1ba7b212c3db7bd7e7796904e7cc99ec5c8652a2924126acca2f74fb431f7daabb763c6f5f64ce31c55b94cce41ba4d8b28
SSDEEP

6144:0rxC/VCtaA012+adiR5L9Q0J9ZShi08S50tI5vBX1WOjKh9FUUCjtx:0rMwT01dZrL9Q0fZtCYIr8jUUCj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
070481363a1483ce24c3757a47a60708_JaffaCakes118

Files

070481363a1483ce24c3757a47a60708_JaffaCakes118
.exe windows:4 windows x86 arch:x86

400e9ebe0ad60b2c98cfa5f94bea2232

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetEnvironmentVariableW
GetDriveTypeA
ReleaseMutex
TlsGetValue
GetCurrentProcessId
GetFileTime
InitializeCriticalSection
CloseHandle
GetPrivateProfileStringA
LoadLibraryW
HeapCreate
GlobalFlags
WriteFile
ReleaseMutex
LocalFree
GetCurrentThreadId
CreateEventW
FindClose
IsBadStringPtrW

user32

DispatchMessageA
GetSysColor
GetSysColor
GetClientRect
GetKeyboardType
DrawTextA
DrawStateW
EndDialog
CreateWindowExA
SetFocus
GetClassInfoA
IsWindow
CallWindowProcW

qcliprov

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ