42a80d8b00a8944394e9047d50f36456_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42a80d8b00a8944394e9047d50f36456_JaffaCakes118
Size

636KB
MD5

42a80d8b00a8944394e9047d50f36456
SHA1

0d9d82d2eece6930961c52c6cefc2f1154acc366
SHA256

5bce19cb0efca7ddb37deeb368aa70a963605c38503bfab03d36f6ae19c8f4aa
SHA512

0550f5022f931eba1070c05b10001d9facdac8469ea2c8dfebb91f8f88f7db0902739c709d3df3d24577e67fa4a4fe20098261583664520972364a918433d55e
SSDEEP

12288:Ay7jpS31ZxKSpzluJzNo15jH78WtvspyjriT/bmUH4Cu:AYjcZxKcUt2JH7ztdmTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42a80d8b00a8944394e9047d50f36456_JaffaCakes118

Files

42a80d8b00a8944394e9047d50f36456_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24d3416989b3c19cf3565c01752307ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
LocalSize
InterlockedExchange
GetVersion
GlobalUnlock
GetCommandLineA
WaitForSingleObject
SuspendThread
WaitForMultipleObjects
GetModuleHandleA
GetAtomNameA
GetConsoleCP
HeapReAlloc
GetSystemDefaultLangID
LoadLibraryExA
CloseHandle
HeapCreate
lstrlenA
VirtualProtect
GetStdHandle
GetTickCount

gdi32

CreatePalette
GetRgnBox
GetFontData
EqualRgn
CreateICA
GetMetaFileA
DeleteObject
CreateFontA
EndPath
GetMetaRgn
Escape
GetStringBitmapA
AbortPath
DeleteDC
FloodFill
EngLineTo
BeginPath
GetTextColor
Ellipse

winmm

PlaySoundA
auxGetVolume
OpenDriver
auxSetVolume
CloseDriver

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ