433def126e65ce67c47d1005f85801de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

433def126e65ce67c47d1005f85801de_JaffaCakes118
Size

42KB
MD5

433def126e65ce67c47d1005f85801de
SHA1

3fac636973db1ae9d5a2a14bb93462a79f3d9844
SHA256

0d4bb1e3a518a9278d4ca7b2dac840da97dd6a6b10173e33012ed1fa14911fb5
SHA512

5eafc0cd9223f47f423de1196b36f8f1f613948bf5a033f3f861579808ccf8165ccab0b72125942e17b970324b04bfbbb8abf384fb88c41d948d7038805a6d13
SSDEEP

768:+uU1fzfITlMyTHvIpOpVek9Cyh7xVgiQX+Y8iNlRo8XZDy6GQ:RU1sTlTTQoVpIyRLgiQX+YDNlTXZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433def126e65ce67c47d1005f85801de_JaffaCakes118

Files

433def126e65ce67c47d1005f85801de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20440bc716b211eb786b5be8e50996e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceLanguagesW
EnumResourceNamesA
EnumTimeFormatsW
ExitProcess
GetCPInfo
GetPrivateProfileSectionA
GetProcAddress
GetStringTypeExW
GlobalFlags
HeapLock
HeapValidate
InterlockedIncrement
ReadConsoleInputW
RtlZeroMemory
SetCalendarInfoA
SetVolumeLabelW
WritePrivateProfileStringW
WriteProcessMemory
WriteProfileSectionW

user32

CharPrevW
DefWindowProcW
GetKeyNameTextW
IsCharAlphaW
LoadStringA
MapVirtualKeyA
PackDDElParam
RegisterHotKey
SendMessageCallbackW
SetProcessDefaultLayout
UnhookWindowsHook

gdi32

AbortDoc
ArcTo
CreatePen
GetCharWidthA
GetColorAdjustment
GetGraphicsMode
GetLogColorSpaceW
MoveToEx
PlgBlt
SetBkColor
SetMapperFlags
SetMetaFileBitsEx
UnrealizeObject

Sections

.text
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE