Static task: static1
Behavioral task: behavioral1
Sample: 49550f6afaa5d568fadcb4e1505bd418_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 49550f6afaa5d568fadcb4e1505bd418_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 49550f6afaa5d568fadcb4e1505bd418_JaffaCakes118
Size: 398KB
MD5: 49550f6afaa5d568fadcb4e1505bd418
SHA1: 8beae4b71e4bbdb0b786a3a1abefdb8ca7d94935
SHA256: 829001ed2e99e49b927dd19ad0e6799c4d0e02d4471675f7c38c20c9f1ac1476
SHA512: a4b7c604db132de9310bf1e86cb02608da4ae1dee226636deb75722918a6bd74e7866f2723dd605c73aa37af81f87d5d5f085d0e1ac991f11fc533ebd84d8b85
SSDEEP: 12288:s2+u8gUIA82a4/dElVGELgwDqe3O+B4uxUF2o:qu8gUIA8H4VgcELlDqOO+BVxUFr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 49550f6afaa5d568fadcb4e1505bd418_JaffaCakes118
Files
49550f6afaa5d568fadcb4e1505bd418_JaffaCakes118.exe windows:5 windows x86 arch:x86
e311062b6161fffabc318887554d6d1f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceFrequency
RaiseException
GetTickCount
GetCurrentThreadId
DeleteCriticalSection
GetThreadLocale
InterlockedExchange
RegisterWowExec
GetVersionExW
InitializeCriticalSection
CopyFileW
GetLocaleInfoA
user32
PostMessageW
KillTimer
GetFocus
TranslateMessage
LoadIconW
OffsetRect
LoadMenuW
EnableMenuItem
GetWindowPlacement
ReleaseCapture
IsWindowVisible
PtInRect
odbc32
SQLGetTypeInfoA
Sections
.text Size: 257KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 133KB - Virtual size: 447KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ