0c300d0c37b38ba3e79b7597b0257cef_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c300d0c37b38ba3e79b7597b0257cef_JaffaCakes118
Size

800KB
MD5

0c300d0c37b38ba3e79b7597b0257cef
SHA1

8f83a9c38eab8f93584b438b6389aa818d38315a
SHA256

5f5e5568205ff473f847e53aa35c0712e4e31c4756ef224a977d1bb0ce7b9b1d
SHA512

a1415747eacc61407f32b98e16004104d8244a53a48b8fa151f34e6ed0ee84a934365727edc276584b2c70b994b67e6709592aee4b9a728b884941409a0fb4cd
SSDEEP

12288:iB7oJbfcPLq7j7dcWq2h6/xdg/A7ztJhjrDfgGrwn+7vRPBeHbagmVr:VcPmfSWql/4IztJhXDRwn+zRPBeFmVr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c300d0c37b38ba3e79b7597b0257cef_JaffaCakes118

Files

0c300d0c37b38ba3e79b7597b0257cef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62e0bc471ac59e329cbc8ffb60c886de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateNamedPipeW
GetStartupInfoA
lstrcpyW
CreateProcessInternalA
UnregisterConsoleIME
WritePrivateProfileSectionA
DefineDosDeviceA

user32

DispatchMessageA
VkKeyScanExW
WCSToMBEx
CheckMenuItem
LoadStringW
ClipCursor
DefFrameProcW
AdjustWindowRectEx
MapVirtualKeyA
UpdateLayeredWindow
FillRect
SendNotifyMessageA

gdi32

EngLockSurface
GetDeviceGammaRamp
EnumFontFamiliesExW
ModifyWorldTransform
GetCharWidthFloatW
GdiTransparentBlt
GetRandomRgn
OffsetViewportOrgEx
ResetDCA
SetWinMetaFileBits
SetDCPenColor

Sections

CODE
Size: 12KB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 704KB - Virtual size: 701KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE