19a99ae314b5165e4842e0cf683bdc99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19a99ae314b5165e4842e0cf683bdc99_JaffaCakes118
Size

314KB
MD5

19a99ae314b5165e4842e0cf683bdc99
SHA1

23752bddc469af03eee04363e999756eb44f8d1c
SHA256

631d48caef8818db703181445e00fc90418f2449ed24a4181c4dc14082fc0227
SHA512

d1a27dd65a804edece206dddca89dda304bdd180bdb92d764fd7d6291fa2d6f46b4f426b2a2ec0c58cd62ad86e3d4fb6a83d483a7389a3feeeaf6b71c651a46f
SSDEEP

6144:i455h1Ac5RGffk9NCEqNcrWJYmzGPfsf0b2JcjXufn2fdDykh:R5ocWff0riYmCPXLK2F/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19a99ae314b5165e4842e0cf683bdc99_JaffaCakes118

Files

19a99ae314b5165e4842e0cf683bdc99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

963ff87443e7dc0a52b4600f0ee49bda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
VirtualAlloc
LoadLibraryExA
RaiseException
DeleteAtom
LoadResource
GetProcessHeap
ExitThread
LocalSize
GetProfileStringA
GlobalAddAtomA
CloseHandle
ClearCommBreak
GlobalLock
GetCommState
GlobalFindAtomA
GlobalCompact
GetOEMCP
lstrcpyn
GetStdHandle
GlobalFree

user32

GetParent
GetWindowTextLengthA
ReleaseDC
CloseWindow
GetClassNameA
ShowWindow
DrawEdge
GetWindowTextA
IsIconic
GetWindow
GetDC
EndPaint
GetFocus
BeginPaint
GetClassInfoExA
AlignRects
GetForegroundWindow
GetActiveWindow
ValidateRect

wsock32

WSASetBlockingHook
WSAStartup
WSAAsyncGetServByPort
WSACleanup
WSAGetLastError

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ