226c1100e403c4a3496aa528546973dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

226c1100e403c4a3496aa528546973dc_JaffaCakes118
Size

441KB
MD5

226c1100e403c4a3496aa528546973dc
SHA1

7d9bdf05a68a558f638bf437fdf6c39670a2dfed
SHA256

16e57c3124ee93c5156bae9098506bdd3d22edeeb063cc0cab8d976391c51d06
SHA512

c2a6eae37cf0ca6179c29673be7816c9154c7ba159925a80331f10e34aff6ac9732922983cefdee9c869e4d074cc9a6521c9c296a960e2817109473a565d6af9
SSDEEP

6144:jZG2kb+Kdt6TGT3kVrKHXRuq/ce2xFaZ8E40xugx+bPeM40SGxS:GEyT0VrKMgDoC8E4+ug0bvvNx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
226c1100e403c4a3496aa528546973dc_JaffaCakes118

Files

226c1100e403c4a3496aa528546973dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0807b6b719325eb7cd557b8f67a5a8a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
VirtualAlloc
ExitProcess
ReleaseMutex
LocalHandle
GetUserDefaultLangID
FindAtomA
GetProfileStringA
GlobalLock
CreateMailslotA
GetStdHandle
EnumDateFormatsA
CreateJobSet
GetOEMCP
GlobalFlags
GetVolumePathNameA
GetProcessHeap
GetModuleHandleA
GlobalFree
GetProfileIntA
GetTapeStatus

user32

GetClassNameA
GetParent
ShowWindow
GetWindowTextLengthA
GetForegroundWindow
EndPaint
DrawEdge
CloseWindow
GetFocus
GetWindowTextA
ReleaseDC
IsIconic
GetClassInfoExA
BeginPaint
GetDC
RegisterClassA
ValidateRect
GetActiveWindow
GetWindow

shell32

SHChangeNotify
SHGetMalloc
SHBrowseForFolderA
SHGetFolderPathA
SHGetFileInfoA

userenv

GetGPOListA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ