14827faa9ed52625d054b52bb8ecfd80_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14827faa9ed52625d054b52bb8ecfd80_JaffaCakes118
Size

417KB
MD5

14827faa9ed52625d054b52bb8ecfd80
SHA1

6de78953b8a5629f46d8dd1157db8496c494434c
SHA256

565006489129619f9aec1bab06caad638e457f87bc71c7b8d0fd79b1ac358395
SHA512

8bf97ceda466aacf477b704f1ab1ee80dc8834cfa113c183cf87a262404ad39552d478abb31b3c9e85d4039fb0cec08f2bbc59c3f3446b60b8357da56a12ca1a
SSDEEP

12288:XP/wP44KyxQbaUzUuXUfgrpciNoixv4U3:Y4uLUzU8egtd/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14827faa9ed52625d054b52bb8ecfd80_JaffaCakes118

Files

14827faa9ed52625d054b52bb8ecfd80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cbf0b08aaf7b4cc92ff24660cc2255e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
GlobalFree
FindAtomA
VirtualAlloc
WriteProcessMemory
CloseHandle
LoadLibraryExA
LoadResource
EnterCriticalSection
GlobalAddAtomA
GetProfileStringA
ExitThread
GlobalCompact
GetCommState
GetProcessHeap
GlobalFlags
RaiseException
GetOEMCP
GlobalLock
ClearCommBreak
GetStdHandle

user32

EndPaint
IsIconic
GetDC
DrawEdge
GetWindowTextA
GetClassNameA
GetForegroundWindow
ReleaseDC
RegisterClassA
GetFocus
BeginPaint
GetClassInfoExA
GetWindow
CloseWindow
GetActiveWindow
GetParent
ShowWindow
ValidateRect
GetWindowTextLengthA

wsock32

WSAGetLastError
WSAAsyncSelect
WSAStartup
WSAIsBlocking
WSACleanup

dot3api

Dot3SetProfile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ