3d3d693d30e1807220721fcb42c1303a_JaffaCakes118 | Triage

Sharing

General

Target

3d3d693d30e1807220721fcb42c1303a_JaffaCakes118
Size

147KB
MD5

3d3d693d30e1807220721fcb42c1303a
SHA1

a61ff77930a2e479b6851cc4b2893a81d5621dfc
SHA256

140eb2264e2d2455ad12d05d9c3b91cda074ef8105b1b51bd43e89645913538f
SHA512

8e8f20d2e8863917f49d49ac38c3eb4d65c2d6d58bd9979e50a764a60bc7f28349f06cc195ace7d68032298f8ab82d2d518e597fcb298cc8d4dd9e07ea3007fd
SSDEEP

3072:LgGc77i85AbjYhvqTemYqMQY0N+2Bu4QIU7CGkyBzdr/Oeb:Nc685AeyNOzIMBzdDOe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d3d693d30e1807220721fcb42c1303a_JaffaCakes118

Files

3d3d693d30e1807220721fcb42c1303a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7de27f43aa1844d93fb09dc68626952

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetMessageA
CharUpperA
LoadStringA
IsWindowVisible
PeekMessageA
GetWindowTextA
DispatchMessageA
SetTimer
CharNextA
KillTimer
GetWindowThreadProcessId
wsprintfW
EnumWindows
PostThreadMessageA
wsprintfA

rpcrt4

RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringBindingComposeA
RpcStringFreeA

shlwapi

PathFindExtensionA

kernel32

ReadProcessMemory
ClearCommError
SetLastError
DuplicateHandle
FindFirstFileA
FindClose
CreateProcessW
SetFilePointer
ClearCommError
MapViewOfFile
QueryPerformanceCounter
EnumResourceNamesW
UnmapViewOfFile
ExitProcess
GetExitCodeProcess
CreateFileMappingA
ExitProcess
CreateMutexA
ReadFile
ReleaseMutex
GetModuleFileNameW
GetStartupInfoA
FindResourceExA
LocalSize

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ