098ddbe6187b572c4bb9017137d81e12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

098ddbe6187b572c4bb9017137d81e12_JaffaCakes118
Size

30KB
MD5

098ddbe6187b572c4bb9017137d81e12
SHA1

5ac5fbbedde0a0da07e92663567ec84b9366600b
SHA256

20ee7b597388441191acc901bd65bcfd9f6d11bd1decfd93a85da06e3dba5287
SHA512

01a590dccf74a7496c6545a5dd4f8b136377c5b58329ae2fb88e0b0fca9cb106c8b1963410f64c035b010a55a7fb392554f7c4412afc8a181e948f547df70f97
SSDEEP

768:oHa5t1erSiAb766Kz/GksGij2j0OHATIwDUFQa8SStunZptfyRx:X5t1erSiAbOz+JPyj3gMwDK98ubVc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
098ddbe6187b572c4bb9017137d81e12_JaffaCakes118

Files

098ddbe6187b572c4bb9017137d81e12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f8bf1efdcc4e3f66abc78a8587b26fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
HeapCreate
GetStdHandle
CreateMutexA
CloseHandle
FindResourceA
LoadLibraryExW
LocalFree
GetModuleHandleA
CreateFileA
SetLastError
GetConsoleMode
GlobalUnlock
GetCurrentThreadId
ReleaseMutex
TlsGetValue
SetEnvironmentVariableA
lstrlenW
Sleep
GetPriorityClass

user32

CheckRadioButton
GetIconInfo
DrawMenuBar
DrawEdge
GetDC
DispatchMessageA
FillRect
GetDlgItem
SetFocus
IsWindow
GetCaretPos
CallWindowProcA
CopyRect

apphelp

SdbGetDatabaseID
SdbCloseDatabase
ApphelpCheckIME
SdbFindNextTag
SdbFindFirstTag

clbcatq

ComPlusMigrate

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE