497f37dde349331903ccd1c597459800_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

497f37dde349331903ccd1c597459800_JaffaCakes118
Size

317KB
MD5

497f37dde349331903ccd1c597459800
SHA1

da22cc72b06ef98caa0bc24ccb7a314dc7078dc2
SHA256

c0e1b529981731c61f35d3206aafdac93415f75cb87a55449f9907c08522c081
SHA512

a400031feff5eb9d7bd9883d627d515b588c98f8a267086e96c149a8e85d8228b2ed4f331fe4719e84b3473d92f5a0a5ef0f25120bb454b41fb3cfd539969543
SSDEEP

6144:CrvB8U3GLsvCjuVwg6ndXmgjGNUYYAleJGWS4blVJRsjTMEjN2ndh:CdqsUuVYndXm6ntAezS+RsjYv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
497f37dde349331903ccd1c597459800_JaffaCakes118

Files

497f37dde349331903ccd1c597459800_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c90ae128a108bce88721802c0b460410

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
GlobalAddAtomA
GlobalAddAtomA
LoadLibraryExA
DeleteAtom
lstrcat
RaiseException
GetStdHandle
SetCommBreak
LocalFree
GetLastError
LoadResource
GlobalUnlock
CloseHandle
WriteProfileStringA
VirtualAlloc
HeapCreate
GetOEMCP
GlobalFree
EnterCriticalSection
SetConsolePalette

user32

GetWindow
GetClassInfoExA
GetFocus
EndPaint
ValidateRect
GetForegroundWindow
ReleaseDC
AlignRects
GetWindowTextLengthA
ShowWindow
GetParent
DrawEdge
IsIconic
GetClassNameA
BeginPaint
GetDC
GetActiveWindow
GetWindowTextA
CloseWindow

wsock32

WSACleanup
WSASetBlockingHook
WSAAsyncGetServByPort
WSAStartup
WSAGetLastError

linkinfo

CreateLinkInfoA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ