Static task
static1
Behavioral task
behavioral1
Sample
48c0bfd0ad7a78c51690bb09b808ed47_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
48c0bfd0ad7a78c51690bb09b808ed47_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
48c0bfd0ad7a78c51690bb09b808ed47_JaffaCakes118
Size
444KB
MD5
48c0bfd0ad7a78c51690bb09b808ed47
SHA1
e09ec1a44e6fbd5319c1879a5a9fcf660f5ffa57
SHA256
4138a60618d06e8cbba6508e0f08f7e47646db2437aeb4d46db59335e231074b
SHA512
947b82cc7ed00ee2aded084b98ba8674f1800826c7f09dac83a600630302836ca8494b0a434fe5ca828949fcd83c283ae0ab4730cded5343879996d07ca43e51
SSDEEP
12288:tAr5PttOK8UyAUNR6GHM4ZlWO61rg/6iK57HeuE:tArH5lyD3rzWOksSiK1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 48c0bfd0ad7a78c51690bb09b808ed47_JaffaCakes118
Files
48c0bfd0ad7a78c51690bb09b808ed47_JaffaCakes118.exe windows:4 windows x86 arch:x86
b9a2a15bdfb96a5d2d6270538071a78e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipAlloc
GdipCreateBitmapFromFile
kernel32
FindResourceExW
FindResourceW
LCMapStringA
LoadResource
LocalFree
GetVersionExA
FindAtomA
lstrlenA
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
GetLastError
ExitProcess
gdi32
GetFontData
DeleteObject
user32
GetKeyState
KillTimer
SendMessageA
SetTimer
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
PostMessageA
Sections
.text Size: 296KB - Virtual size: 296KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 463KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ