4beb1648064435f0bd872b58371a6ad0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4beb1648064435f0bd872b58371a6ad0_JaffaCakes118
Size

312KB
MD5

4beb1648064435f0bd872b58371a6ad0
SHA1

8c30b8de3a625a2601efdebfde00359e4dec15a6
SHA256

52bedd7146b57474d25bb2ae743d1fc8bfab685cc891d6fff0cba39bdc9b0a21
SHA512

9ee3f65391407f42590224c37d533515bc722a262dcffa95aaa0649904152f0ba7f862ebca2b779f88f989c8629547c4b27cdb53e0c8d4619ea97b8366946b6b
SSDEEP

6144:ErTuETVyp+zFTan/bdV+6A5iP2naGmzvXYu5aRCaMMQG:EWr+zUDvA5eYYvYiaPMY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4beb1648064435f0bd872b58371a6ad0_JaffaCakes118

Files

4beb1648064435f0bd872b58371a6ad0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05be22f6ad1046d3aac507b2a7727566

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
HeapCreate
GetCurrentThread
GetCurrentProcess
GetACP
IsDebuggerPresent
VirtualProtect
GetLocaleInfoA
GetSystemDirectoryA
InterlockedExchange
FlushFileBuffers
GlobalFree
SetEvent
LoadLibraryExA
OpenMutexA
GetCompressedFileSizeA
GetCommandLineA
RaiseException
ReadConsoleA
FreeEnvironmentStringsA
GetStdHandle

user32

GetCursorPos
ValidateRgn
BeginPaint
ReleaseDC
DrawTextA
GetDlgItem
IsIconic
SetActiveWindow
SetForegroundWindow
FrameRect
GetWindow
wsprintfA
GetClassNameA
GetParent
GetFocus
GetWindowTextA
FillRect
ShowWindow
EndPaint

crypt32

CertCreateContext
CertFindAttribute
CertControlStore
CertCloseStore
CertDuplicateStore

apphelp

ApphelpCheckIME

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ