44c589be6feb27b3564c14fed53dc178_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44c589be6feb27b3564c14fed53dc178_JaffaCakes118
Size

46KB
MD5

44c589be6feb27b3564c14fed53dc178
SHA1

8e470d977694a96b0d615f9e9a16b42974f3bf23
SHA256

b9a2b0a7f08ef0ecfa3dfb129ddc269ca160cf356e28baf03d3533ec07a3e142
SHA512

23b49d1993886390602ba674c2b5a591ed3fc69c69e9c36a5dac2bc32850172796270a210d9236ea89b7fea84282be7f66365cfc2d5e999ae5f060ff03864b06
SSDEEP

768:+oe2AMhE8n5WZgK1+UyHvbsVQhIYnjvF90v88JJ:o2AWWZ11+3PeebDvM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c589be6feb27b3564c14fed53dc178_JaffaCakes118

Files

44c589be6feb27b3564c14fed53dc178_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96b5d9889daffbe0c677e47f83af09f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceTypesA
ExitProcess
GetUserDefaultLangID
MoveFileW
OpenEventA
OpenProcess
SetComputerNameA
SetConsoleCtrlHandler
TryEnterCriticalSection
WritePrivateProfileStructW

user32

CallMsgFilterW
CharLowerBuffA
ChildWindowFromPointEx
DdeEnableCallback
DispatchMessageW
LoadKeyboardLayoutW
LockWindowStation
OpenInputDesktop

gdi32

BitBlt
DeleteEnhMetaFile
FloodFill
GetSystemPaletteEntries
GetTextAlign
MoveToEx
PaintRgn

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE