0c8917242a7a446b80ce696737831012_JaffaCakes118 | Triage

Sharing

General

Target

0c8917242a7a446b80ce696737831012_JaffaCakes118
Size

416KB
MD5

0c8917242a7a446b80ce696737831012
SHA1

8a46bf6871ff67e0c25b8c24b871c1075cc56d20
SHA256

6b9f20b58d94d101e6091ed2a76d6fb5345e37561c21ec9f8c0043947b5880d9
SHA512

19a17db5bd339c30794285da8d311e0d4cba9d5994f2a7feaa7e961c1b7c5ecb1e098261a53d45777b29355ea5dc2d646620ae750dfc9440e15e95351d870a52
SSDEEP

12288:XZ6TIoft2yugll2jnAaeX6mXM3W4/Plf:XZ6glQlCn0X6X3WoNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c8917242a7a446b80ce696737831012_JaffaCakes118

Files

0c8917242a7a446b80ce696737831012_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13c0933a46bbd167676225c38777878e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GlobalAddAtomA
GlobalFree
VirtualProtect
FileTimeToLocalFileTime
RaiseException
EnterCriticalSection
LockResource
HeapCreate
Sleep
GetLogicalDrives
IsBadReadPtr
InterlockedExchange
SetErrorMode
GetCommandLineA
GetLastError
CloseHandle
GetLocaleInfoA
GlobalDeleteAtom
GetACP
LoadLibraryExA

user32

GetCursorPos
GetParent
GetActiveWindow
GetWindowTextA
GetClassNameA
DrawEdge
ValidateRect
ReleaseDC
EndPaint
wsprintfA
IsIconic
SetForegroundWindow
BeginPaint
FrameRect
GetFocus
ShowWindow
DrawTextA
GetMenuItemInfoA
GetWindow

httpapi

HttpAddUrl
HttpInitialize
HttpCreateHttpHandle
HttpTerminate
HttpRemoveUrl

msutb

GetPopupTipbar

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ