1b226875ed6388dc8598b04d71f98f88_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b226875ed6388dc8598b04d71f98f88_JaffaCakes118
Size

168KB
MD5

1b226875ed6388dc8598b04d71f98f88
SHA1

8a51c53b61fc451f775fbaed0dc5c036953b7ef5
SHA256

d29a00c35bb09a2a0ae66ca8799caf7b4995343ed9001ede7061ad2c149a472e
SHA512

aa24ec741385632c257ac2adb9b7b3777cb8e0e6dd9afa1443ba3f37905292ed0962ab643b90fce88f18c021854ede435c58431bc7c3178b8a657419c877baa7
SSDEEP

3072:M+Fq6DFxpAhlhX8RwKjVa0XP/xbzX0YK8P0VE/KDIDAuhe+auxFCddr:Pq6TyhlhXiwKRTPpP0i6E/y8e+aiF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b226875ed6388dc8598b04d71f98f88_JaffaCakes118

Files

1b226875ed6388dc8598b04d71f98f88_JaffaCakes118
.exe windows:4 windows x86 arch:x86

629019d6b928efefce9a8b2477ea26f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

SetCapture
RealGetWindowClassA
EnableWindow
UpdateWindow
ReleaseCapture
FlashWindow
ExcludeUpdateRgn
ValidateRect
ValidateRgn
GetCapture
DestroyWindow
IsWindow
InvalidateRgn
IsWindowEnabled
GetUpdateRgn

kernel32

ConvertFiberToThread
GetOEMCP
GetLocalTime
GetSystemDirectoryW
FindNextFileW
FileTimeToSystemTime
LocalFree
LoadResource
SetEnvironmentVariableW
FindClose
SetThreadIdealProcessor
LocalFileTimeToFileTime
LocalAlloc
FreeLibrary
SetErrorMode
FindFirstFileW
EnumResourceNamesW
GetCurrentProcess
GetStringTypeW
SetCurrentDirectoryW
RegisterWaitForSingleObject
CompareStringA
FindResourceW
IsBadReadPtr
GetShortPathNameW
SystemTimeToFileTime
FileTimeToLocalFileTime
LCMapStringW
SearchPathW

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imul
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ