070e5563b6470a0a63fabcc4b806c688_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

070e5563b6470a0a63fabcc4b806c688_JaffaCakes118
Size

7KB
MD5

070e5563b6470a0a63fabcc4b806c688
SHA1

c45b250712f06b6f37500efefa0afe38dc16cb3d
SHA256

1ad9b405216117c6bfa9858c7af0ddbca969deaa17a22fb2f0423dd537ee0473
SHA512

8c92e0daff4cb0b1df09d49f00e1a4702dd4f670fe4cdfd94218577c59ef13f5e035b5508aa8714764bea0f636882b1703cf31b295880e37a6673c63aaf8300e
SSDEEP

96:9MEv3tNC+9k15RHJ4CFylE+Ah1AbD2NmguGTNOdC78:mEvdNVY1JL6E38bKGGTNO+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
070e5563b6470a0a63fabcc4b806c688_JaffaCakes118

Files

070e5563b6470a0a63fabcc4b806c688_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f96fe8ad754c51f9678fed8120063ac2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GetCurrentProcess
GetCurrentThread
VirtualAlloc
GetCurrentProcessId
IsDBCSLeadByte
GetModuleFileNameA
GetModuleHandleW
TlsSetValue
GetDriveTypeW
GetACP
TlsFree
GetSystemDefaultLangID
lstrcmpA
FreeLibrary
GetCurrentThreadId
GetSystemDefaultLCID
GetCommandLineA
GetLogicalDrives
TlsAlloc
lstrcatA

user32

GetWindowTextA
GetWindowTextLengthA
BeginPaint
IsWindowVisible
GetWindowLongA
GetFocus
UpdateWindow
CreateWindowExA
GetWindowDC
GetActiveWindow
ShowWindow
ReleaseDC
GetDC
IsIconic
GetSystemMetrics
GetForegroundWindow
RegisterClassA
GetWindow
GetClassLongA

shell32

StrChrIA
StrRChrA
StrCmpNA
StrChrA
StrCmpNIA
StrRChrIA

msctf

DllCanUnloadNow
DllGetClassObject
TF_GetThreadFlags
DllRegisterServer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ