21038db946860614875bb61ebf0de86b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21038db946860614875bb61ebf0de86b_JaffaCakes118
Size

160KB
MD5

21038db946860614875bb61ebf0de86b
SHA1

5b5c8cec9c763f91492a17ebd1b1b34cf6f30534
SHA256

5089f10cf1116b04f707d45e941609ca1e0c405707cde6182a3a03bad23f2163
SHA512

c857c32ea25dfb5f38482be68dcfebc90f9cc98a426415d67651c9962c5281725c274043f1e4748e366f7f678931121869d9ab89a63895d78b33a96889e8bdf0
SSDEEP

3072:DWTO35xHpOLFfj39ScBlGna+aG+G01igwakhsVk1FtBdd0AOq:D0mjCfj3gcBIna+BL012q0Bdd09

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21038db946860614875bb61ebf0de86b_JaffaCakes118

Files

21038db946860614875bb61ebf0de86b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

915ca544e4038afed279f63461f4646a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
WriteFile
OpenFileMappingW
GlobalGetAtomNameW
ReadConsoleA
ExitThread
IsBadStringPtrW
CreateProcessW
GetComputerNameW
CommConfigDialogW

user32

SetWindowPlacement
EnumPropsW
RegisterClassW
FindWindowExA
RemovePropW
MessageBoxIndirectA
MapVirtualKeyExA
IsRectEmpty
DialogBoxParamA

gdi32

StartPage
CopyEnhMetaFileA
DeleteObject
PlayEnhMetaFileRecord
CreateDCA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 750B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE