33f319ce11f037f876814558f1595caa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33f319ce11f037f876814558f1595caa_JaffaCakes118
Size

180KB
MD5

33f319ce11f037f876814558f1595caa
SHA1

8ca6f93d9061524fd5d178de5af0b16fc538eb1c
SHA256

c486cd2ce919731b7a7a595b6a73fcdf68894621d7cb61a63b321501a2944da9
SHA512

620af311d97a5074e7717a9b6940bbc6a37948df181f582433b1e32f4cf9c0596299f8b66d0b762886c1f43304fe9202203cbdff14621dd37722e8a373ec041d
SSDEEP

3072:p8zsq+wXfsPDRJt8lPuRYr8WkRAml7Q4fnT74KAxrs0SHbU8kO90b6Cx:+KwXfsPr5pAW7QbKAx8HbUzOGjx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33f319ce11f037f876814558f1595caa_JaffaCakes118

Files

33f319ce11f037f876814558f1595caa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3096358df5e27c52e7e0b56f3475184

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLongPathNameW
GetVersion
GetFileAttributesA
InterlockedDecrement
SetThreadContext
DeleteCriticalSection
GetProcAddress
MultiByteToWideChar
EnumResourceNamesA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
lstrcpynA
InitializeCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
GetLocaleInfoA

clusapi

CloseCluster

user32

SetWindowRgn
UnregisterClassA
GetDlgItem
PtInRect
GetWindowRect
MoveWindow
EndPaint
SetDlgItemTextA
GetKeyState
LoadAcceleratorsA
GetActiveWindow
BeginPaint
OffsetRect
SetWindowLongA
DefWindowProcA
GetDC
SetFocus
DestroyWindow
EqualRect
IntersectRect
CharNextA
ReleaseDC
SetParent

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ