270840e836204b40a73d02def6f4c56f_JaffaCakes118 | Triage

Sharing

General

Target

270840e836204b40a73d02def6f4c56f_JaffaCakes118
Size

795KB
MD5

270840e836204b40a73d02def6f4c56f
SHA1

b700cf3d987dd8ef75013696dbd515638abc06e3
SHA256

5643e6693519b9e54451e446dd319c1f8a52e045c9a24eb7b901b894d2d5d6f8
SHA512

87a9c380f4746f02d1d36ae33ccce9fab0a03503cf259ca8557c8761bbbd163e4999486e9e4918468fe1ee7c1bbbafa3cf6346a10254be50d5ce5010abb89184
SSDEEP

24576:xRM7VN/c99hAzj60BFueyeNWNR3kl/B9ifL3Tj1W3H:xRM7VRc9DAzjJFubeNeRk/B9ifj1w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
270840e836204b40a73d02def6f4c56f_JaffaCakes118

Files

270840e836204b40a73d02def6f4c56f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d13713fb4602959d02c3d71670445141

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
LocalFree
TlsGetValue
InitializeCriticalSection
ReleaseMutex
FindClose
FindAtomA
ReleaseMutex
GetFileTime
lstrlenW
GetEnvironmentVariableW
GlobalFlags
GetPrivateProfileStringA
IsBadStringPtrW
HeapCreate
GetDriveTypeA
CreateEventW
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW

user32

EndDialog
DispatchMessageA
IsWindow
DrawStateW
CreateWindowExA
SetFocus
DrawTextA
GetSysColor
CallWindowProcW
GetKeyboardType
GetSysColor
GetClientRect
GetClassInfoA

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ