3c88d2d12589a4047c1d550bb816f4eb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c88d2d12589a4047c1d550bb816f4eb_JaffaCakes118
Size

114KB
MD5

3c88d2d12589a4047c1d550bb816f4eb
SHA1

6bd32b5396571b11fde5dc9740e52b966caf6717
SHA256

7fc862697879f3ad30c3d6557a0ca300aba78e6dafab7bb37853d57c7172dfad
SHA512

acb3ce3de4f8527834a19d4be6b5686b0069c8c2e593753f5eee379af4ce64b613ddc36c062fb058380bb4eca3c6373ff388d208c6621fdaca2bdfab2b7a9f28
SSDEEP

3072:dD6dwgnjbq6TFjFHjckdJaWUnaH0+nWpDOWYXHJ:dopvq6jHj3JrUaLnWpCWa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c88d2d12589a4047c1d550bb816f4eb_JaffaCakes118

Files

3c88d2d12589a4047c1d550bb816f4eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27ef7112ecbcca34fb61cd41b57a109f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
lstrcpyW
SetThreadPriorityBoost
lstrcpyA
DeleteFileA
SwitchToThread
SuspendThread
GetCurrentProcessId
GetFileTime
GetModuleHandleA
ProcessIdToSessionId
AddAtomW
DeleteAtom
FindFirstFileA
WinExec
GetModuleHandleW
GlobalDeleteAtom
GetConsoleWindow
CopyFileW
GlobalAddAtomW
GetThreadPriorityBoost
FindFirstFileW
GetVersionExW
CopyFileA
GetCurrentThreadId
ResumeThread
CreateMutexW
GetComputerNameW
Process32First
GetProcessTimes
GetFileAttributesW
ExitThread
VirtualAlloc
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
ExitProcess
VirtualFree

user32

GetCaretPos
GetLastActivePopup
CloseClipboard
GetActiveWindow
IsHungAppWindow
IsIconic
GetMenuItemCount
GetKBCodePage
GetProcessDefaultLayout
GetInputState
GetClipboardViewer
GetDesktopWindow

msi

ord14

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ