0e710e62106e53905dc66d65a70097c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e710e62106e53905dc66d65a70097c1_JaffaCakes118
Size

312KB
MD5

0e710e62106e53905dc66d65a70097c1
SHA1

ddba0cae3458c19f2adc083f26c1a1f03f8563cc
SHA256

1bc2eb609eb5657deb659d89de0fefaf91a9532024fbfa73d8bdeeb7c886e6ea
SHA512

95dabd1e311eb320e52bcf4bf8c071040fca860a47c49bb8fb4a833c2395d8e9c376e3ab5b1a1e5b34a255b8216dc619c08445d7a98f5811f612b02065103f1c
SSDEEP

6144:u0bn8YMs5a8nqK7eEvRoOY5Oka6Q2iH0699R2rF531xjk:uqn8FK7eEvyOY8kb/c4p91K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e710e62106e53905dc66d65a70097c1_JaffaCakes118

Files

0e710e62106e53905dc66d65a70097c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1efcd4e266745e8571ee014bf849f2fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
CreateMutexA
GetStdHandle
GetModuleHandleA
CreateThread
TlsGetValue
CompareStringA
GetPriorityClass
ReleaseMutex
GetExitCodeThread
GetOEMCP
GetVolumeInformationA
SetEvent
GetThreadLocale
VirtualAlloc
GetUserDefaultLangID
CreatePipe
GetProcessHeap
GetConsoleCP
IsDBCSLeadByte
GlobalFindAtomA

user32

GetSystemMetrics
IsWindowVisible
GetForegroundWindow
GetClassNameA
GetFocus
RegisterClassA
GetDC
GetActiveWindow
GetWindowTextA
IsIconic
CloseWindow
GetWindowTextLengthA
InvalidateRect
ReleaseDC
ShowWindow
GetClassInfoExA
ReleaseDC
GetWindow
ValidateRect

shell32

SHGetFolderPathA
SHGetFileInfoA
SHCreateShellItem
SHChangeNotify
SHBrowseForFolderA

ntdsapi

DsBindA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ