1bb912648224e5de3321e9a0e09d8393_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bb912648224e5de3321e9a0e09d8393_JaffaCakes118
Size

174KB
MD5

1bb912648224e5de3321e9a0e09d8393
SHA1

d86cf93f6c06750abeb8b0094032cfcaa35cd321
SHA256

23ee8adb08445e97dad7dcbce5ea765e55eb8736053838c216967687feb5d4e2
SHA512

32c86f129f62f647c5047b86e4835acc0044c72269427152783a931933173950a443b2d98bc7e057376a775a6b4c9a1e69cc2e8abb886378294868006e99c55b
SSDEEP

3072:LhuSjZw/QEioOAFgrn7ZJGLD9gciNxAFbpCnXwvLM857z2PPdmUoSYlDyMfrNyG:F/AXOegbVJGLD4NxARpKmMkvuoOMfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bb912648224e5de3321e9a0e09d8393_JaffaCakes118

Files

1bb912648224e5de3321e9a0e09d8393_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f832f545af40cb0c07cfff6a6e8db6d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

ole32

CoGetMalloc
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoQueryProxyBlanket
CoCreateInstance
CoInitializeEx
StringFromGUID2

user32

SendMessageA
IsWindow
GetDlgItem
CreateWindowExW
EnumChildWindows
DestroyWindow
GetWindowThreadProcessId

kernel32

IsValidCodePage
EnterCriticalSection
ReadFile
GetCalendarInfoW
SetEndOfFile
HeapDestroy
GetACP
HeapReAlloc
GetStartupInfoA
VirtualAlloc
RaiseException
ExitProcess
EnumResourceNamesA
GetOEMCP
SetFilePointer
FreeEnvironmentStringsA
HeapCreate
DeleteCriticalSection
HeapSize
LeaveCriticalSection
RtlUnwind
InitializeCriticalSection
GetCPInfo
VirtualFree
SetEnvironmentVariableA

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ