0d8a63216a144f6e2400e08292a0c590_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d8a63216a144f6e2400e08292a0c590_JaffaCakes118
Size

415KB
MD5

0d8a63216a144f6e2400e08292a0c590
SHA1

1641fe40fcb1d2b476b8b1dd4e55d96c05f20930
SHA256

3a6bcb9d51691e177e8bf842c4e0b96ab3e47925bc9ece9438b8c607aa67509c
SHA512

ca4fb0a76f0c71e19f7f813201b4f0ea053c1925fc1501f2c7e6be9abb706199bb17b943ef54a7104cdf89aa526c2a3447fa4c243c3c1c9052dc8da6ae2e2a1d
SSDEEP

12288:CZ6TIoft2yugll2jnAaeX6mXM3W4/Plf:CZ6glQlCn0X6X3WoNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d8a63216a144f6e2400e08292a0c590_JaffaCakes118

Files

0d8a63216a144f6e2400e08292a0c590_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3231fb3151c89f9c935c2f52982433b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
LoadLibraryExA
VirtualProtect
SetErrorMode
GetLocaleInfoA
InterlockedExchange
GetStdHandle
GlobalFree
FileTimeToLocalFileTime
GetCommandLineA
EnterCriticalSection
GetLastError
GetLogicalDrives
Sleep
IsBadReadPtr
CloseHandle
GlobalDeleteAtom
GetACP
HeapCreate
LockResource
RaiseException

user32

SetForegroundWindow
ShowWindow
DrawEdge
DrawTextA
GetMenuItemInfoA
FrameRect
GetClassNameA
ValidateRect
GetParent
GetWindow
ReleaseDC
EndPaint
BeginPaint
wsprintfA
IsIconic
GetWindowTextA
GetCursorPos
GetFocus
GetActiveWindow

httpapi

HttpAddUrl
HttpRemoveUrl
HttpTerminate
HttpCreateHttpHandle
HttpInitialize

msutb

GetPopupTipbar

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ