4a1bd9aba1424df76aeb1670e0da6794_JaffaCakes118 | Triage

Sharing

General

Target

4a1bd9aba1424df76aeb1670e0da6794_JaffaCakes118
Size

97KB
MD5

4a1bd9aba1424df76aeb1670e0da6794
SHA1

47909fdf6e255655c4c7c7e03c8bf71bb234091c
SHA256

6b0e3283d4b1bc5b5d6e5cc5687bc319ac313fc79ecca2d654e67a58cd28ed1c
SHA512

44e78edd883394b7e0b516c990a7085aa364cc0c6f9e7b510276b60dc66228b1c829fae79a8e47b9802fc9203dc90459a7c14c039c0e2990494dee939e609a79
SSDEEP

3072:uC2KRlrymYg7O2SYxJWiVhLuY5qY53uBW:0KbumYgff7V15kO3eW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a1bd9aba1424df76aeb1670e0da6794_JaffaCakes118

Files

4a1bd9aba1424df76aeb1670e0da6794_JaffaCakes118
.exe windows:7 windows x86 arch:x86

e61969fb54d12f80f646eb1f885bc69b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetUnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcessId
GetModuleHandleW
GetACP
GetCommandLineA
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
LocalFree
GetModuleHandleA
SetEvent
GetModuleHandleA
SetEvent
SetUnhandledExceptionFilter
LocalAlloc
GetModuleFileNameA
GetCurrentThreadId
SetUnhandledExceptionFilter
QueryPerformanceCounter

ntdll

NtAllocateVirtualMemory

user32

GetWindowRect
SendMessageW
GetDlgItem
PostMessageW
GetWindowRect
GetDC
GetMessageW
GetWindowRect
LoadIconW
ReleaseDC
SendMessageW
ReleaseDC
DestroyWindow
GetSystemMetrics
GetDlgItem
PostMessageW
GetSystemMetrics
ReleaseDC
PostMessageW
ShowWindow
DestroyWindow
GetDlgItem
ReleaseDC

Sections

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ