398c5a5074cb00e7660dd595771cb9b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

398c5a5074cb00e7660dd595771cb9b8_JaffaCakes118
Size

636KB
MD5

398c5a5074cb00e7660dd595771cb9b8
SHA1

ed2836223b3b8dd100d91a52d797b7d582b980e4
SHA256

642ab5f82b4f614bdd68ba615870b6cae8118cc1c5ce4313ac085874020f3ae6
SHA512

d9e795dc3361bcf06b3de71b8969aa48453d68fb7caa05e26aab6c70adb6802033bbb912253af9e30d8f1fcb5f3bf29f46a39011c553f66c582c3df37c1eb63e
SSDEEP

12288:BlWX70ib+Fg8kX44OVARiM09L7qssFxmbEBD8+BXljfr+u:Buwib+u8kX44eARifLWssHoObBXljS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398c5a5074cb00e7660dd595771cb9b8_JaffaCakes118

Files

398c5a5074cb00e7660dd595771cb9b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

127dcfed8a9a1ad85019381a512d7578

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
GlobalUnlock
InterlockedExchange
HeapReAlloc
GetModuleHandleA
HeapCreate
VirtualProtect
GetCommandLineA
CompareFileTime
WaitForSingleObject
GetAtomNameA
SuspendThread
lstrlenA
GetTickCount
CloseHandle
WaitForMultipleObjects
LocalSize
GetStdHandle
LoadLibraryExA
GetConsoleCP
GetVersion

gdi32

BeginPath
GetRgnBox
DeleteObject
GetMetaFileA
GetStringBitmapA
CreateFontA
DeleteDC
Escape
AbortPath
GetFontData
EngLineTo
EndPath
GetTextColor
Ellipse
CreatePalette
CreateICA
GdiFlush
EqualRgn
GetMetaRgn
FloodFill

winmm

OpenDriver
CloseDriver
auxGetVolume
auxSetVolume
PlaySoundA

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ