430c1f62667bb48b93e23a21bdab8db3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

430c1f62667bb48b93e23a21bdab8db3_JaffaCakes118
Size

14KB
MD5

430c1f62667bb48b93e23a21bdab8db3
SHA1

b6e062c26b59ef7a2b8c4d538b234729c83eaacf
SHA256

3ec08d28141e54c5f6f7d40bdb638c647d47b4ccfa44805a0c0ac68bbf5cd1f0
SHA512

bb6b42b8c71ee9702b209560374e74116ca4effea7ef2a0c371a97dd9db28efd7b2898f2d0103ab7eff1d487c8e1184f1842c828edc1b99819d72aa2ffaf5a3d
SSDEEP

192:GkUYNqcP0pm8Y6pI1GZIVaTz+kEB1wLj4qK7P/:G18F088KUlTqkEB1f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
430c1f62667bb48b93e23a21bdab8db3_JaffaCakes118

Files

430c1f62667bb48b93e23a21bdab8db3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75c80cd5b8e74cd9e20602d1d3193eb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SwitchToThread
DeleteFileA
GetOEMCP
GetThreadLocale
VirtualAlloc
FindFirstVolumeMountPointA
GetModuleHandleW
lstrcatA
GetSystemDefaultLCID
AddAtomA
IsDBCSLeadByte
TlsGetValue
GetCurrentThreadId
GetModuleFileNameA
TlsSetValue
GetUserDefaultLCID
GetCommandLineA
GetFileAttributesW
SetEndOfFile
lstrcpyA
TlsFree

user32

GetDC
GetActiveWindow
GetForegroundWindow
GetWindowLongA
ReleaseDC
IsIconic
GetWindowTextA
RegisterClassA
CloseWindow
GetClassInfoExA
GetFocus
ValidateRect
ReleaseDC
IsWindowVisible
InvalidateRect
GetWindow
GetSystemMetrics
GetWindowTextLengthA
ShowWindow

psapi

EmptyWorkingSet
GetMappedFileNameA
GetModuleInformation
GetWsChanges
EnumPageFilesA
GetModuleBaseNameA

msctf

DllRegisterServer
DllGetClassObject

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ