0f8ff016b592a07724226dda7f27592b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f8ff016b592a07724226dda7f27592b_JaffaCakes118
Size

338KB
MD5

0f8ff016b592a07724226dda7f27592b
SHA1

931ae490314f3d8794b808a522d4b53581526323
SHA256

7a6356317e05a79ada8ec3474790ee9a05b4665e1e802493735056c229d098c5
SHA512

94234f90cb6fb2859028a229a83df5a7bb8855cd630cc539bad85672e97d81177819dbf76cff6099070e3143580ae8a031bd2aba3bee1fb4860e087d60eda466
SSDEEP

6144:7dZYEWJKPJGXiULZJZHmF4kMq7nN2o6iYlr1f6TfHJN2c4spieZnu:pZYEcKRTUXlmF4kMqjRclZ6jHJN2M6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8ff016b592a07724226dda7f27592b_JaffaCakes118

Files

0f8ff016b592a07724226dda7f27592b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee900ffda76dc661526965c1c5ff3af6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
CancelIo
EnumResourceTypesW
GetSystemTime
VirtualProtectEx
FreeConsole
GetModuleHandleA
CloseHandle
IsDebuggerPresent
GetLastError
LoadLibraryExW
IsBadReadPtr
GlobalLock
GetConsoleTitleA
ResetEvent
GetStdHandle
lstrlenA
Heap32First
GlobalUnlock
CreateMutexA

user32

IsIconic
DialogBoxParamA
GetKeyState
EnumWindows
EndDialog
GetDlgItemTextA
CloseWindow
CreateWindowExA
CopyImage
GetParent
GetMessageA
GetDlgItemInt
GetMessageA
MessageBoxA

setupapi

MyFree
IsUserAdmin
MyRealloc
SetupCloseLog
SetupCopyErrorA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ