3ab15bf73a7834b9e411246d571a4fe8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ab15bf73a7834b9e411246d571a4fe8_JaffaCakes118
Size

161KB
MD5

3ab15bf73a7834b9e411246d571a4fe8
SHA1

bc9b53264dc24bf8a1510de0e583d15373b8aaea
SHA256

fe4c2349698a656dd1708d71a602ed00a1e4b57974ae33028205f0527961705c
SHA512

d9cb064854354a3c05c2546974b5e11d6db4d679eef1a27b16ce9951280336dc342cfa909399796e61163b34cd0a4a06e86cc0a92a0c032633f1d4fe492cff58
SSDEEP

3072:uECxL6H6Ypam/wi4/paXkgRGWH4w75t3IAtyjt8U+1uiFTYBlhYAvpXYGP:uEmFiackaXxDH14eXYiFcBlhzvpIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ab15bf73a7834b9e411246d571a4fe8_JaffaCakes118

Files

3ab15bf73a7834b9e411246d571a4fe8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c4a0ba5350bba0f80b80c937eb70b07c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ContinueDebugEvent
CopyFileA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FreeLibrary
GetFileSize
GetModuleHandleA
GetProcAddress
GetTempPathA
GetVersion
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
ResumeThread
SetFilePointer
SetUnhandledExceptionFilter
SuspendThread
TerminateProcess
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
GetMessageA
MessageBoxA
RegisterClassA
TranslateMessage
wsprintfA

comdlg32

GetOpenFileNameA

imagehlp

ImageNtHeader
ImageRvaToSection
ImageRvaToVa

forcelibrary

TrapEntry
ForceLibraryDBG
PerformCleanup

msvcrt

__getmainargs

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE