18a7a54be39eaf7a4a8c4d51c9d7d417_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18a7a54be39eaf7a4a8c4d51c9d7d417_JaffaCakes118
Size

258KB
MD5

18a7a54be39eaf7a4a8c4d51c9d7d417
SHA1

ab518960070fd28e171d4ff13a7259c931a36b4a
SHA256

d4a37a635af78d2307bf2f38415d390e2460a62324dd164f8b0a9d69395c5ed5
SHA512

e1758e9c9ce1a90ef4e0fc18b8e75c7756095c8830f5dce64c23b6c3ee1c0e3ea7deb13b829c2a95798405599e86a9984d310656d78aa88ce798d0809a920276
SSDEEP

3072:QP6QYsDdsWin3wRl77ig3WQdEM0MvsK1pjvE1yrOma50y6Yyw8zuCoHEf9o1it:+NDKxwRR7d3noK1pzlSma50VzMEcY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18a7a54be39eaf7a4a8c4d51c9d7d417_JaffaCakes118

Files

18a7a54be39eaf7a4a8c4d51c9d7d417_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a121b70d9ee5d1bbeb369b3b117ab43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GlobalFree
GetCommState
GlobalFlags
GetOEMCP
FormatMessageA
FindAtomA
ClearCommBreak
GetTapeStatus
GetStdHandle
CloseHandle
CreateJobSet
GetVolumePathNamesForVolumeNameA
GlobalLock
GetModuleHandleA
GetProfileStringA
GetUserDefaultLangID
ExitProcess
VirtualAlloc
EnterCriticalSection
CreateHardLinkA

user32

GetWindowTextLengthA
GetForegroundWindow
ShowWindow
GetClassNameA
ReleaseDC
GetWindow
DrawEdge
IsIconic
GetDC
RegisterClassA
CloseWindow
ValidateRect
GetClassInfoExA
GetActiveWindow
GetWindowTextA
EndPaint
GetFocus
BeginPaint
GetParent

wsock32

WSACleanup
WSAIsBlocking
WSAAsyncSelect
WSAGetLastError
WSAStartup

lpk

LpkInitialize

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ