495068f59699749b0eedddcf1008cf68_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

495068f59699749b0eedddcf1008cf68_JaffaCakes118
Size

17KB
MD5

495068f59699749b0eedddcf1008cf68
SHA1

93bfc1bf22da9423cf7133144bab4e864ab0e0d9
SHA256

b8943fada4b60363078f8191922e04787f36809c1e45296ee252e63bf8a1b8c6
SHA512

8d639ca4d7e1ec02c4c317a6894f91e82d0ae04df205c375d1e921f3b079490d0c03d4094a501c978eae5e5962e511d4cd15b4955ea289c23f5b30697042b7d1
SSDEEP

192:ObFF1EsFLzXLDdtiCSxi6AXVA3MBkaVz4FCiLmqgYS:IFF1EsZNtjL66eCDiMxq0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
495068f59699749b0eedddcf1008cf68_JaffaCakes118

Files

495068f59699749b0eedddcf1008cf68_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e1b72724e9fadbecc16b3d4d8976416

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetVersion
GlobalAlloc
GetFileSize
GetTickCount
FreeLibrary
lstrcpyA
LocalAlloc
GetLastError
LocalFree
GetModuleHandleA
CloseHandle
GetCommandLineA
Sleep

gdi32

MoveToEx
CreateCompatibleDC
ExtTextOutA
GetDeviceCaps
PatBlt
GetTextColor
CreateFontIndirectA
GetStockObject
SetROP2
SetBkMode
GetObjectA
GetPixel
CreateSolidBrush
LineTo

user32

GetFocus
GetClientRect
EndPaint
SetWindowTextA
TranslateMessage
SetFocus
BeginPaint
ShowWindow
DefWindowProcA
DispatchMessageA
CreateWindowExA
DialogBoxParamA
ScreenToClient
GetWindowRect
GetMessageA
MessageBoxA
LoadIconA

msvcrt

rand
__p__commode
__p__fmode
_acmdln
_controlfp
memmove
__set_app_type

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrs
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ