4496469256ef41d90f1531a5422fd0f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4496469256ef41d90f1531a5422fd0f3_JaffaCakes118
Size

48KB
MD5

4496469256ef41d90f1531a5422fd0f3
SHA1

63e65e30077092cc20635c13625a7fabdc109a4f
SHA256

0b16516f87c6e49701dd3d1908c3a7c4bdbacba703e3d47ccb556ebfb5936a98
SHA512

df9278a557a13614a2bd244488ba63e5e247e69a05f50e3b0d6e4cd5ae2b2127ae13c336c332585adc24a4b794b631d470edaa54dd4a6feceae66c76e4155c47
SSDEEP

768:I/dfS82EEY1yTCq8rRLEjNAL+9ujLM22DDDYVWdD35lmqxawL0QP32WJk26vkHH2:7ib1yTCqiVEJAS9uMR/DzdD3RxeWJq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4496469256ef41d90f1531a5422fd0f3_JaffaCakes118

Files

4496469256ef41d90f1531a5422fd0f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5befbed8f4de5095ed30a4d5d25e6c9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
SetStdHandle
GetOEMCP
HeapReAlloc
TlsAlloc
FormatMessageW
TlsFree
WideCharToMultiByte
SetFileTime
FindFirstFileW
Sleep
VirtualProtect
GetStartupInfoA
FindResourceW
GetCurrentThread
GetVersion
InterlockedDecrement
EnterCriticalSection
GetDriveTypeW
GetCPInfo
GlobalAlloc
HeapAlloc
WaitForSingleObject
SetConsoleCP
GetCommandLineA
VirtualQuery
LCMapStringW
GetModuleHandleA
SetLastError
GetModuleFileNameA
LoadLibraryA
ExitProcess

advapi32

RegDeleteValueW
RegEnumValueA
RegQueryValueExA

gdi32

SaveDC
SetViewportExtEx
GetPixel
SetWindowOrgEx
SetBkColor

version

GetFileVersionInfoW

user32

EndPaint
PostMessageA
GetCursorPos
CreateWindowExW
CharNextW
TranslateMessage

msvcrt

_vsnwprintf
_wtol
_XcptFilter

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE