1a195a2129155c95ea0d4291e4f711f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a195a2129155c95ea0d4291e4f711f7_JaffaCakes118
Size

313KB
MD5

1a195a2129155c95ea0d4291e4f711f7
SHA1

c66e4e535ed96b482276375cde969009e97cfac6
SHA256

8e8a9345ecb2ccdefd317e9c8de8ec986f4f83466943753eaa2c5a42a6674b31
SHA512

db424b4856c1387e6703f133831c01dd94e15ae2de885897519b344e31714ad807bef4440a40003e9a2263f5f5c4f62b70caf7ab6c9da8da1a8020985e38706f
SSDEEP

6144:+XkCB9cOEvq8MtzT9eg+VdeDPFhOyuKW/EXBfZnibHjFgJkWOK:EkCBO7EzU3ODdhOyuKfXnib5gEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a195a2129155c95ea0d4291e4f711f7_JaffaCakes118

Files

1a195a2129155c95ea0d4291e4f711f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a4a156e699d1be6c511b7bf8f9ba406

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
ExitThread
lstrcpyn
GetProfileStringA
CloseHandle
GetCommState
RaiseException
GetStdHandle
GlobalFindAtomA
GlobalFree
VirtualAlloc
GlobalAddAtomA
GetProcessHeap
LoadResource
LocalSize
GlobalCompact
SetCommBreak
DeleteAtom
GetOEMCP
EnterCriticalSection
GlobalLock

user32

GetActiveWindow
GetParent
EndPaint
IsIconic
BeginPaint
GetWindowTextA
GetForegroundWindow
GetClassInfoExA
DrawEdge
GetWindowTextLengthA
GetDC
GetClassNameA
ShowWindow
ReleaseDC
GetWindow
GetFocus
ValidateRect
AlignRects
CloseWindow

wsock32

WSAGetLastError
WSASetBlockingHook
WSAStartup
WSACleanup
WSAAsyncGetServByPort

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ