0f7be3dfe3aab8ea551fb15d75988c75_JaffaCakes118 | Triage

Sharing

General

Target

0f7be3dfe3aab8ea551fb15d75988c75_JaffaCakes118
Size

413KB
MD5

0f7be3dfe3aab8ea551fb15d75988c75
SHA1

c687e192a6706884830193c0ff2f0d667fb1f5f1
SHA256

0088df85a1dcd50422efdc56502711e7423543343ac575d587e0ba25fdf8dea4
SHA512

7facf33bc83862124a78c977339e6cf07d73b842e52aa947ca70cb1a21b8cad4e3cd9689338bfe4df058ac0f4b0a2bb6ff925330086949832941d55e693cf263
SSDEEP

6144:nzbThEVFmqqsAxUK45IjPHimC/zN0efxA0878PwW:nPWvmqVAIaimC/GGxDC8I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7be3dfe3aab8ea551fb15d75988c75_JaffaCakes118

Files

0f7be3dfe3aab8ea551fb15d75988c75_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4d08c4f3a9fc33f93c73287c2a6a626

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
IsDBCSLeadByte
CreatePipe
GetModuleHandleA
GlobalFindAtomA
CompareStringA
CreateThread
GetThreadLocale
GetVolumeInformationA
CreateMutexA
GetStdHandle
SetEvent
GetPriorityClass
TlsGetValue
GetOEMCP
GetUserDefaultLangID
TlsFree
ReleaseMutex
GetProcessHeap
GetConsoleCP
GetExitCodeThread

user32

GetWindowTextA
GetWindow
GetSystemMetrics
GetActiveWindow
CloseWindow
RegisterClassA
GetForegroundWindow
GetFocus
GetDC
IsWindowVisible
GetClassNameA
IsIconic
ShowWindow
GetClassInfoExA
InvalidateRect
ReleaseDC
ValidateRect
DrawTextExA
GetWindowTextLengthA

shell32

SHGetFileInfoA
SHGetMalloc
SHGetFolderPathA
SHBrowseForFolderA
SHChangeNotify

userenv

LoadUserProfileA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ