42b5eca2a915d2735f5f56ac9cf1e463_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42b5eca2a915d2735f5f56ac9cf1e463_JaffaCakes118
Size

244KB
MD5

42b5eca2a915d2735f5f56ac9cf1e463
SHA1

49b7acc46eae1b051dda5a7809ed6503d90f9cef
SHA256

0cdbdadc1fb2e6e7b2deb3b0266e484ec6cc721c300f047332ef9109457bea47
SHA512

0b856c59094cab9bd01f07ebaebd010c978aeae3c16dcb9a16a434484a45ba4f42a1babad443a5202660cb5d6cf2bbbd1151bfb4fa1b283ff0ccde7dff59e8c5
SSDEEP

6144:SrfxQ3iDx2IpxBCjvdXNAYtYh0XbB7UI:SrfE6x2IpOjvddZt8Ai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b5eca2a915d2735f5f56ac9cf1e463_JaffaCakes118

Files

42b5eca2a915d2735f5f56ac9cf1e463_JaffaCakes118
.exe windows:5 windows x86 arch:x86

81dce71a26e779d40d9d112a4e13d276

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
ResumeThread
LoadLibraryA
GlobalFree
VirtualAlloc
TerminateProcess
CreateProcessA
GlobalAlloc
VirtualQueryEx
VirtualFree
FreeLibrary
GetThreadContext
lstrcpyA
GetTempPathA
CloseHandle
GetCurrentThreadId
GetModuleHandleA
GetTempFileNameA
GetProcAddress
GetLastError
OpenProcess
WriteFile
WaitForSingleObject
lstrlenA
lstrcmpA
CreateFileA
ExitProcess
lstrcatA

user32

GetThreadDesktop
GetFocus
OpenInputDesktop
wsprintfA
CloseDesktop
InflateRect
GetCursorPos
SetThreadDesktop
EqualRect
IsWindowVisible
FindWindowA
GetWindowThreadProcessId
ClientToScreen

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA

gdi32

GetBkColor
GetBkMode

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE