0ba42cc19debbfc0539808e5330c0892_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ba42cc19debbfc0539808e5330c0892_JaffaCakes118
Size

38KB
MD5

0ba42cc19debbfc0539808e5330c0892
SHA1

28a63c8429709f900f6b3150b9c701b8dc706b68
SHA256

0c2014e9f50219b7d2e88d3d90d9d172084bc5783f56ecaac73c29fe6bba12b8
SHA512

672297504649d0f81a4be64015cbf8900437a160ced90015a02ca57f69cff04b6bccd81b855c5ae610c2614b56347fe3a6319dbd793483ad3edb8e0873ca8ccf
SSDEEP

768:PjneiX0+++xIOHnb5CdlkUjkwK2cwUah4m0hdas1Nb5JR:bnBX0TkHlCdlie2hdas195JR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ba42cc19debbfc0539808e5330c0892_JaffaCakes118

Files

0ba42cc19debbfc0539808e5330c0892_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c51dc529b5c23d0417b0a5a5136b6d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
GlobalAddAtomA
DeleteAtom
SetConsolePalette
EnterCriticalSection
CloseHandle
GetOEMCP
VirtualProtect
RaiseException
LoadLibraryExA
WriteProfileStringA
GetStdHandle
LocalFree
GlobalUnlock
HeapCreate
LoadResource
GlobalAddAtomA
GlobalFree
GetLastError
IsBadCodePtr
lstrcat

user32

EndPaint
GetClassInfoExA
GetWindow
GetWindowTextA
GetDC
GetFocus
IsIconic
GetParent
GetWindowTextLengthA
DrawEdge
GetActiveWindow
ReleaseDC
BeginPaint
GetClassNameA
AlignRects
CloseWindow
ValidateRect
GetForegroundWindow
ShowWindow

mprapi

MprAdminUserRead
MprAdminUserOpen
MprAdminUserWrite
MprAdminUserClose
MprAdminUserGetInfo

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ