Static task
static1
Behavioral task
behavioral1
Sample
3f8bc2f677c8618375ba7a0f2d2d9cd6_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3f8bc2f677c8618375ba7a0f2d2d9cd6_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 3f8bc2f677c8618375ba7a0f2d2d9cd6_JaffaCakes118
Size: 396KB
MD5: 3f8bc2f677c8618375ba7a0f2d2d9cd6
SHA1: f938c9d1124500bf2dc01be83f539157c0e52293
SHA256: 4f1dd752ec56b981448656602337344e76d814a925ad3de8225155e98a9e4674
SHA512: bb04ccb48d86ef12fbe3b3371c27e78da5ad31c88a724d542b29e773fa24e083b440b431bca5356718d97ee5ba0dcdc3c33c793066dc7493bef076f1fa1567f7
SSDEEP: 6144:nn4GYVvFckQzSFGegrEdTEY/K/K/9LMlfFYgr0ZaT83gpK8OLYx0:JcWSTVwY/d9olt9nRpXOLYx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3f8bc2f677c8618375ba7a0f2d2d9cd6_JaffaCakes118
Files
3f8bc2f677c8618375ba7a0f2d2d9cd6_JaffaCakes118.exe windows:5 windows x86 arch:x86
e311062b6161fffabc318887554d6d1f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceFrequency
RaiseException
GetTickCount
GetCurrentThreadId
DeleteCriticalSection
GetThreadLocale
InterlockedExchange
RegisterWowExec
GetVersionExW
InitializeCriticalSection
CopyFileW
GetLocaleInfoA
user32
PostMessageW
KillTimer
GetFocus
TranslateMessage
LoadIconW
OffsetRect
LoadMenuW
EnableMenuItem
GetWindowPlacement
ReleaseCapture
IsWindowVisible
PtInRect
odbc32
SQLGetTypeInfoA
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 133KB - Virtual size: 451KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ