3e8f784302585f809b2e9e0bedfa38d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e8f784302585f809b2e9e0bedfa38d8_JaffaCakes118
Size

26KB
MD5

3e8f784302585f809b2e9e0bedfa38d8
SHA1

b3d746149cc73e0a20ed46369b9b65ea21ab9669
SHA256

8c2721a111f1fab482545b635faf6dc34cb65dd0c04bb9bf72e080735ac81510
SHA512

4137217026a882d6a6ac3065c0105a7bf668799e21e79372f453533b54ec123e006c4a153b473d9e98aa61a4942a5615421b79e1d5475bc7ec7e496bd987ebe6
SSDEEP

768:zzOznlS5YxVG7jlsgBDoh8DsrNM+ro4S:zEnCnlBoKDX+Mv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e8f784302585f809b2e9e0bedfa38d8_JaffaCakes118

Files

3e8f784302585f809b2e9e0bedfa38d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5a3ebadaadb98cf94e38f3c7b26d0b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_ltoa
__dllonexit
iswctype
memcpy
bsearch
srand
strstr
_wtoi
wcsncat

user32

FillRect
ChildWindowFromPoint
IsDlgButtonChecked
TranslateMessage
DestroyWindow
EndDialog
ReleaseDC
ShowWindow
InvalidateRect
GetMessageA

gdi32

Ellipse
RestoreDC
GetTextExtentPoint32A
DeleteObject
SelectClipRgn
BitBlt
SetTextAlign
ExtTextOutA
EndDoc
CreateSolidBrush

advapi32

GetSidIdentifierAuthority
OpenProcessToken
GetSidSubAuthorityCount
GetLengthSid
EqualSid
QueryServiceObjectSecurity
OpenSCManagerA
SetKernelObjectSecurity
LookupAccountNameA
AddAce

kernel32

SetConsoleCtrlHandler
GetStringTypeW
GetCurrentProcess
GetModuleFileNameA
SetLastError
SetUnhandledExceptionFilter
TlsFree
GetSystemTimeAsFileTime
TlsAlloc
CreateFileA
GlobalReAlloc
InitializeCriticalSection
GetPriorityClass
GetTimeZoneInformation

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ