14a4849d9fc465824729666d768f061f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14a4849d9fc465824729666d768f061f_JaffaCakes118
Size

317KB
MD5

14a4849d9fc465824729666d768f061f
SHA1

5694821d9ba436a3f33fbdbb24bd2a48f85550e1
SHA256

781abad0e6fc9d4bbb2abfaba19872b73f34d06d1f6c348ee47cb4c8dba272bd
SHA512

3b964ecd32a09e9d2b1f76f01a78e8c4032cb67aa957314aff5102409ec3c112ed2467663b9ad5f6324518454b9f636b3cf633669db05d3f89693cc5d4215a5d
SSDEEP

6144:RxvERPh5qe7/JFB7XYdjSYGioU8DmiUtH:RyRP2e7/JFTD1UtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a4849d9fc465824729666d768f061f_JaffaCakes118

Files

14a4849d9fc465824729666d768f061f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce10c235471da0a96422a7280104511d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsolePalette
EnterCriticalSection
GlobalUnlock
WriteProfileStringA
DeleteAtom
GlobalAddAtomA
GlobalFree
HeapCreate
LocalFree
LoadLibraryExA
RaiseException
GetStdHandle
LoadResource
GetOEMCP
GetLastError
SetCommBreak
VirtualAlloc
lstrcat
CloseHandle
IsBadCodePtr
GlobalAddAtomA

user32

GetForegroundWindow
GetWindowTextLengthA
ValidateRect
GetClassInfoExA
AlignRects
IsIconic
GetFocus
GetActiveWindow
GetClassNameA
GetParent
CloseWindow
GetWindowTextA
GetWindow
DrawEdge
EndPaint
ReleaseDC
GetDC
BeginPaint
ShowWindow

wsock32

WSAStartup
WSACleanup
WSAAsyncGetServByPort
WSASetBlockingHook
WSAGetLastError

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ