0e6b7db8b5697ccd084e1f2241db5adc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e6b7db8b5697ccd084e1f2241db5adc_JaffaCakes118
Size

196KB
MD5

0e6b7db8b5697ccd084e1f2241db5adc
SHA1

3718d9ae2413f1576b6c8e888c9efd2fd7327813
SHA256

0b18cf7b39cdab0bed8da191f21c8831931a4427fb685598ceaf9a5dc6e74207
SHA512

25ea6352112cbe2117bc3c726964224693e6ec32aa674083b03ceaeacb938f4d73f6e9eba64693660087d272502d6a0913955d497b25ca1178c39566a38b4759
SSDEEP

3072:gYmv3jbe2+0hJOZ4McNGNMWVwNezepOeaiczye:i3hnNMMWoezepJazye

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e6b7db8b5697ccd084e1f2241db5adc_JaffaCakes118

Files

0e6b7db8b5697ccd084e1f2241db5adc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0edd74c86f2d62b1c911278c7fd71fd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileStringA
GlobalCompact
GetOEMCP
GlobalLock
DeleteAtom
LoadLibraryExA
GlobalFree
GetTapeStatus
ExitThread
GlobalFlags
FindAtomA
EnterCriticalSection
CreateHardLinkA
GetProcessHeap
FormatMessageA
GetCommState
ReadProcessMemory
ClearCommBreak
CloseHandle
VirtualAlloc
GetStdHandle

user32

ValidateRect
RegisterClassA
GetActiveWindow
GetFocus
CloseWindow
DrawEdge
EndPaint
GetClassNameA
ShowWindow
IsIconic
BeginPaint
GetWindowTextLengthA
ReleaseDC
GetForegroundWindow
GetWindow
GetWindowTextA
GetDC
GetParent
GetClassInfoExA

wsock32

WSAIsBlocking
WSAGetLastError
WSAStartup
WSACleanup
WSAAsyncSelect

dot3api

Dot3SetProfile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ