363c171f80decf95c527b78394a5d8ba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

363c171f80decf95c527b78394a5d8ba_JaffaCakes118
Size

17KB
MD5

363c171f80decf95c527b78394a5d8ba
SHA1

492a74235a59e0d3d69dccac541660770acdfa50
SHA256

7009e3e07c3ce4f8fec5e1822e234422b0d68a5425ac6ccce6fa9b6f1fc5553d
SHA512

122599f5a1f8c439a21f1d715487cfeb28ff3362e20f0824bcd950833caa2bafc4dec7d77bac782978b483d301d6d5fa32c5ac8e932adb5028905209f961161f
SSDEEP

192:6kmxAqLrX/7AanF8FH5Eah6TbDvJVV/uqJoHTtBctyU59PkQk4NJqz4nmr:MAGrDAaFSqaQnDAnHTtutyUzkQk4vIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
363c171f80decf95c527b78394a5d8ba_JaffaCakes118

Files

363c171f80decf95c527b78394a5d8ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

202b3dc944f23db2e414e5733cd90273

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapCreate
VirtualProtect
GetStdHandle
LoadLibraryExA
SuspendThread
GetSystemDefaultLangID
WaitForMultipleObjects
InterlockedExchange
GetCommandLineA
LocalSize
CompareFileTime
CloseHandle
HeapReAlloc
GlobalUnlock
lstrlenA
GetConsoleCP
GetVersion
GetAtomNameA
GetTickCount
WaitForSingleObject

gdi32

GetMetaRgn
GetFontData
EqualRgn
GetMetaFileA
GetTextColor
GdiFlush
DeleteObject
AbortPath
FloodFill
GetStringBitmapA
CreatePalette
EngLineTo
DeleteDC
GetRgnBox
BeginPath
Escape
CreateFontA
CreateICA
EndPath
Ellipse

winmm

auxSetVolume
auxGetVolume
CloseDriver
OpenDriver
PlaySoundA

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ