31d0b8e210e085a2b2abe7d3f6104d99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31d0b8e210e085a2b2abe7d3f6104d99_JaffaCakes118
Size

155KB
MD5

31d0b8e210e085a2b2abe7d3f6104d99
SHA1

d95eb8437a2c91070569d9cc5add2c6800a528b9
SHA256

6e7eda416a1641e1e4e9b369d923f68465c11406e7811da0130eb82cddce3504
SHA512

15752af7a1ef9728011aaeeeb5b5ac771d4575bd5910a7947e5ad058aa8d1922556588301909f77fb27b19a21b8703f3476929225bbd4ccc3b59d760f7975221
SSDEEP

3072:/Qcwqz7E7FDwvz+YldjGnL1+/pfB0dVOqmHgd:/bd7Ex+JfjQLGZ0DLnd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31d0b8e210e085a2b2abe7d3f6104d99_JaffaCakes118

Files

31d0b8e210e085a2b2abe7d3f6104d99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3bd243b4fd8b59d043ef674cbe2e621

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomA
GetProcessHeap
GlobalCompact
DeleteAtom
ExitThread
CloseHandle
RaiseException
SetCommBreak
GetOEMCP
EnterCriticalSection
GetProfileStringA
GetStdHandle
GlobalAddAtomA
VirtualAlloc
GetCommState
LoadLibraryExA
LoadResource
GlobalFree
GlobalLock
lstrcpyn
LocalSize

user32

GetForegroundWindow
GetActiveWindow
AlignRects
EndPaint
GetFocus
GetClassInfoExA
ShowWindow
CloseWindow
GetClassNameA
GetWindowTextLengthA
GetWindow
GetParent
IsIconic
GetDC
ValidateRect
DrawEdge
GetWindowTextA
BeginPaint
ReleaseDC

wsock32

WSAGetLastError
WSACleanup
WSAAsyncGetServByPort
WSAStartup
WSASetBlockingHook

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ