482352584645a5624483d8b5335abf97_JaffaCakes118 | Triage

Sharing

General

Target

482352584645a5624483d8b5335abf97_JaffaCakes118
Size

168KB
MD5

482352584645a5624483d8b5335abf97
SHA1

c07bd38c1db36d413173af12755a0d512ac71ec8
SHA256

9837c79c752713d7405b294e051816c59fcb6e98d1045c25d21414379827b72e
SHA512

010857da0a99e97d534d3fde7e510263a741ec17121bee35790f6185d33dcd3b799fd5c97aaf83e4ad3735d4395f1d3af12608689a1fa9661e0d0a8bb661ea6d
SSDEEP

3072:UtD0uBhYKeZH2Fi1ZcmpWpFg91IxW9KmyFn8eTs8:UxNBhYFZaiFpWDgrIxoKmyxjs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
482352584645a5624483d8b5335abf97_JaffaCakes118

Files

482352584645a5624483d8b5335abf97_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ca1b0ebb24e67834fbc6f44e05b0f8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLongPathNameW
MultiByteToWideChar
GetWindowsDirectoryA
GetProcAddress
InterlockedDecrement
DeleteCriticalSection
SetThreadContext
InterlockedIncrement
EnumResourceNamesA
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
lstrcpynA
ExitProcess
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetLocaleInfoA

clusapi

CloseCluster

user32

CharNextA
BeginPaint
DestroyWindow
EndPaint
GetKeyState
GetDlgItem
GetActiveWindow
ReleaseDC
DefWindowProcA
MoveWindow
SetWindowLongA
SetFocus
SetWindowRgn
UnregisterClassA
GetDC
GetWindowRect
SetDlgItemTextA
PtInRect
IntersectRect
LoadAcceleratorsA
OffsetRect
EqualRect
SetParent

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ