3f6dc8355070a1abc18cbd4f302f9fe7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f6dc8355070a1abc18cbd4f302f9fe7_JaffaCakes118
Size

134KB
MD5

3f6dc8355070a1abc18cbd4f302f9fe7
SHA1

dcdf5edf05a257a89f3fb071f733ffe22546a249
SHA256

466154727cec6a3fb976f47f3f2ccc7dfc9385ca93f53148d3715cf0158e5bd0
SHA512

521b556b524ca062624cc1d7d082078ceb3685a5534169902ab6845f5e942cca5889d2e8d78d62a9624f49a369b512e75d70f46795a8ca796cd5f0244b3ee9b9
SSDEEP

3072:n8gg+eO7A8uRmiVnQ9MBC5g6/ac4CLkA3oxZF0ZvHdpHCZQERhcm/:teOU8qWmU14CLkA5vHdpiZQEz/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f6dc8355070a1abc18cbd4f302f9fe7_JaffaCakes118

Files

3f6dc8355070a1abc18cbd4f302f9fe7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8529f8747d5f661a002bec909e2e4850

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
OutputDebugStringA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
lstrlenA
FreeConsole
WriteConsoleA
GetModuleFileNameA
CloseHandle
OutputDebugStringW
Sleep

user32

SetFocus
GetSysColor
DefWindowProcA
IsWindow
CreateMenu
CreateWindowExA
TrackPopupMenu
GetSubMenu
PostQuitMessage
MessageBoxA
GetWindowLongA
KillTimer
LoadMenuA
DialogBoxParamA
UpdateWindow
GetParent

gdi32

PolyTextOutA
RealizePalette
StretchBlt
CreateCompatibleDC
TextOutA
SelectPalette
SetBkMode
DeleteObject
SelectObject
BitBlt

comdlg32

GetSaveFileNameA

shell32

ShellExecuteA
SHGetFileInfoA

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ