38e35d3eb712cebb12cfba36888906f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38e35d3eb712cebb12cfba36888906f0_JaffaCakes118
Size

199KB
MD5

38e35d3eb712cebb12cfba36888906f0
SHA1

2a431cde4caf23fa71f1e462a1e691263523a86b
SHA256

88aef527d3c6c7abe2fe2af5aa7dd2b3c23a6cd81b2e983f7721be9f431cd510
SHA512

b420ed7e9e65d4188ef8761f3287272a05ec0dfa392163082c6a306458fe8e5a591bf681ae151838fad86210f7a13dfef3b565cf4c60941baddf2f41b50c6e11
SSDEEP

6144:Fi16sDjJGYlZJyO7uSUgg5J/Qxglj0BJpsOkvcd:Fi9DJzUgg5PljMs3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38e35d3eb712cebb12cfba36888906f0_JaffaCakes118

Files

38e35d3eb712cebb12cfba36888906f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f016723a48bc3920e78225ca3aa859a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetCurrentProcessId
CreateEventA
DeleteFileA
GetCurrentDirectoryA
GetFileSize
CreateMutexA
GetWindowsDirectoryA
ExitThread
SuspendThread
GetComputerNameA
WriteFile
LocalAlloc
GetCurrentThreadId
VirtualAlloc
GetSystemDirectoryA
GetModuleHandleA

user32

GetForegroundWindow
SendMessageA
PostMessageA
RegisterClassA
GetSystemMetrics
GetWindow
GetClassInfoExA
CreateDialogParamA
GetActiveWindow

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ