Static task: static1
Behavioral task: behavioral1
Sample: 44ccf62482390166321db6f2f0c9b69d_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 44ccf62482390166321db6f2f0c9b69d_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 44ccf62482390166321db6f2f0c9b69d_JaffaCakes118
Size: 456KB
MD5: 44ccf62482390166321db6f2f0c9b69d
SHA1: ecdd1630c8ac2c534a72cbc1a8359cb2c63d7649
SHA256: 1c2e0bbf28025f30da320ddcca6edc1da4bc30034dc07f132ba607e7b9d95b8e
SHA512: fbf1992dc209acab72e5e8a742c941713f064c35f75dcef17e5e952c5d796c194e4b95fcc9fd629cbeac2a66857386d4a9d48dc5f7e45c9bcf9539eaba0f361c
SSDEEP: 6144:BWvNRmarSQuLY/pqkqeWAp4zJluQisusBV4brups/OhiFL6O8umMlUAFs2VLFWeK:cSaupYBxq2CVcQi/is6XjAFs2VLFg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 44ccf62482390166321db6f2f0c9b69d_JaffaCakes118
Files
44ccf62482390166321db6f2f0c9b69d_JaffaCakes118.exe windows:4 windows x86 arch:x86
ceb42364ca911b42dff476f97ab12516
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
    ExitProcess
    LCMapStringW
    QueryPerformanceCounter
    GlobalMemoryStatus
    GetDiskFreeSpaceExW
    GetLongPathNameA
    Process32First
    Process32Next
    OpenProcess
    OpenThread
    SuspendThread
    ResumeThread
    lstrcpyA
    CreateToolhelp32Snapshot
    GetModuleFileNameW
    CreateDirectoryW
    SetFileAttributesW
msimg32
    TransparentBlt
shell32
    SHCoCreateInstance
user32
    DestroyWindow
    FindWindowW
    SendMessageA
    PostMessageA
    EnableWindow
    PeekMessageA
gdi32
    CreateBitmap
    CreateSolidBrush
    GetFontData
    SetBrushOrgEx
    GetObjectW
Sections
.text Size: 303KB - Virtual size: 303KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 992B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 455KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ