297e231912fa5d13435cc961a5d74128_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

297e231912fa5d13435cc961a5d74128_JaffaCakes118
Size

230KB
MD5

297e231912fa5d13435cc961a5d74128
SHA1

fb85434192c8be60216dd22b7845d9d083751671
SHA256

90c62df61dfaec5b8c2fab3f8ebf72af2555da6ffc4790cfee038d36f8021095
SHA512

92bf7c97ee362682b5a5c2cba6cd5c6ca548cb88737e9ffcc15296b274c032f9c26539bc63d09760bb31400354b312d8cc05702d113caa358e41de93a21bb6f9
SSDEEP

6144:IhPYirbVPFCoYBU/K9Jpk9RWWhpX+WUht:sYfU/K9JpeRhpuWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
297e231912fa5d13435cc961a5d74128_JaffaCakes118

Files

297e231912fa5d13435cc961a5d74128_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ed8e6d93342eb4147b1c0435c940bdd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
FileTimeToSystemTime
FindFirstChangeNotificationA
InterlockedIncrement
MapViewOfFileEx
WriteProcessMemory
GetBinaryTypeA
GetPrivateProfileSectionA
VirtualAllocEx
EnumSystemLocalesA
VirtualFree

user32

ReplyMessage
GetClassNameW
LoadStringA
OffsetRect
DdeConnectList
SetThreadDesktop
SendMessageCallbackA

gdi32

GetCharABCWidthsW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE