363164c7a4963049513bc97fb94a75f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

363164c7a4963049513bc97fb94a75f7_JaffaCakes118
Size

381KB
MD5

363164c7a4963049513bc97fb94a75f7
SHA1

e7de207c57ba0d24a730790a1e95219ba7d55fee
SHA256

60a86f35d82b958f32b23d4a8e919a9e6f4935082699e214445481950da84668
SHA512

0f351d8a50f2326587ef74e823b1911e0bc9a420e4ce8a5773bf748972e18e4316dbae720d8754a83b755cf28690907f384f8196b52206602f1ee4119e1e1d57
SSDEEP

6144:g/SzxYRMkt0HEAT1fxhcMxW2pL7lv6w2K/PkFtR6sFHYnHFWhTyHVEOSQTQiJY7:g/S9YRMZHEAJLjpFv6w2K/PkFtlVMHFm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
363164c7a4963049513bc97fb94a75f7_JaffaCakes118

Files

363164c7a4963049513bc97fb94a75f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b3637bc6f9eac14802b68fb6ab92d12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
IsBadStringPtrW
TlsGetValue
WriteFile
HeapCreate
GetCurrentThreadId
CloseHandle
LoadLibraryW
CreateEventW
FindClose
GetPrivateProfileStringA
GetCurrentProcessId
ReleaseMutex
GetDriveTypeA
LocalFree
lstrlenW
GetEnvironmentVariableW
ReleaseMutex
InitializeCriticalSection
GlobalFlags

user32

CreateWindowExA
CallWindowProcW
GetSysColor
DispatchMessageA
DrawTextA
GetClientRect
GetKeyboardType
DrawStateW
GetClassInfoA
IsWindow
EndDialog
SetFocus
GetSysColor

pnrpnsp

NSPStartup
NSPStartup
NSPStartup
NSPStartup
NSPStartup

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ