0bfac1e067c8440ffcbf4dbfc18f9015_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bfac1e067c8440ffcbf4dbfc18f9015_JaffaCakes118
Size

17KB
MD5

0bfac1e067c8440ffcbf4dbfc18f9015
SHA1

b1de57bc23e41c7646941d93b172e4f58e6292d7
SHA256

c4cc7823332e44376c113141a5eb34177855f14af70f05746b1225a0071ccb78
SHA512

cbbb3c81a92d38c8ff22aa1dd181c1d8c3a99e5305c956daeff9512bfb2018c9aca8967540a2efffdfaef10e1016753a2e310e43657fad2f7ba0be007900fe38
SSDEEP

384:fnD9r3BdcysFXJ+VkpJUxO6Hmll/YtCVho3Smg:L9r3wjZ+VaUkn8lCmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bfac1e067c8440ffcbf4dbfc18f9015_JaffaCakes118

Files

0bfac1e067c8440ffcbf4dbfc18f9015_JaffaCakes118
.exe windows:1 windows x86 arch:x86

24531ad8012ca6fc0357f316c1e643ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventW
EnterCriticalSection
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetTickCount
GetVersionExA
HeapDestroy
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReadFile
Sleep
UnhandledExceptionFilter
VirtualAlloc
lstrlenA

user32

BeginPaint
CharNextW
CreateWindowExW
DefWindowProcW
DialogBoxParamW
DispatchMessageW
EndPaint
GetClientRect
GetDlgItem
GetParent
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
KillTimer
LoadStringW
MessageBoxW
PeekMessageW
PostMessageW
SetCursor

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ