21e39443120b8d1b4d4b3fcc188e0e5d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21e39443120b8d1b4d4b3fcc188e0e5d_JaffaCakes118
Size

314KB
MD5

21e39443120b8d1b4d4b3fcc188e0e5d
SHA1

0a0a3da933935d0586bf9bb9b4459de1ac187694
SHA256

27c152ae8a875b3811c614fb7569e85c8622c6ad6456a907e32dd98045a6f282
SHA512

ade36982c214dcbb9fca4a6ca666006269ad1ecc29943d836d3266c6b5d64b90d5b81533271449c3712e708a9a12f60b6f873b7767a54c8a8aeedb6e8b13a45a
SSDEEP

6144:J4f5pjA6EstDkoCDuG6K4nY+zIZJz5GyCY6ootoA4t/T4RgU0:UA6ESDkoUuBfqR50YPot3e/Tg6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e39443120b8d1b4d4b3fcc188e0e5d_JaffaCakes118

Files

21e39443120b8d1b4d4b3fcc188e0e5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fa3093cbd43c9c3143d20b96a1e9fd13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCommState
GetProcessHeap
GetStdHandle
VirtualAlloc
LoadResource
LocalSize
GlobalFree
SetCommBreak
GlobalAddAtomA
DeleteAtom
ExitThread
CloseHandle
RaiseException
GlobalCompact
EnterCriticalSection
GlobalFindAtomA
GlobalLock
GetProfileStringA
LoadLibraryExA
lstrcpyn

user32

IsIconic
ReleaseDC
AlignRects
GetParent
DrawEdge
GetActiveWindow
EndPaint
GetWindowTextLengthA
GetClassNameA
ShowWindow
GetWindow
CloseWindow
BeginPaint
ValidateRect
GetForegroundWindow
GetFocus
GetDC
GetWindowTextA
GetClassInfoExA

wsock32

WSAAsyncGetServByPort
WSAGetLastError
WSAStartup
WSASetBlockingHook
WSACleanup

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ