4b6c9651bc08e029847f8cdbd5389038_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b6c9651bc08e029847f8cdbd5389038_JaffaCakes118
Size

312KB
MD5

4b6c9651bc08e029847f8cdbd5389038
SHA1

0c01f910f5ff1a033b40469f932b5178e4c16972
SHA256

1190034732594844db8886d887556687dc412312990a7791e8e86083f41af65c
SHA512

89cf15a5bea54a09c650e1c623760c22926d0178033c9bb037ad6ef19944c5e848608de682a3e3786ec7536ecc388a13de14124a2cd2077d21fa7fcfe3f61078
SSDEEP

6144:3d+NsHYcfGkNdCEW/gh95Re3YIAR6y0SROGN+4PrVAuJq:3d+uH3fGoCEW/49zwdGI4PrVAQq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b6c9651bc08e029847f8cdbd5389038_JaffaCakes118

Files

4b6c9651bc08e029847f8cdbd5389038_JaffaCakes118
.exe windows:4 windows x86 arch:x86

89f94f3cf24824f826a7fd2bdb2314a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GlobalAddAtomA
GetLocaleInfoA
VirtualProtect
LoadLibraryExA
GetLastError
SetErrorMode
GetDriveTypeA
FileTimeToLocalFileTime
GlobalDeleteAtom
SetConsoleOutputCP
IsBadReadPtr
GlobalFree
HeapCreate
EnterCriticalSection
CloseHandle
InterlockedExchange
Sleep
RaiseException
LockResource
GetACP

user32

GetActiveWindow
GetClassNameA
GetWindow
ClipCursor
ShowWindow
SetForegroundWindow
GetParent
GetWindowTextA
GetCursorPos
GetFocus
ValidateRect
BeginPaint
DrawEdge
GetMenuItemInfoA
wsprintfA
EndPaint
ReleaseDC
IsIconic
DrawTextA

httpapi

HttpRemoveUrl
HttpTerminate
HttpCreateHttpHandle
HttpInitialize
HttpAddUrl

msutb

GetPopupTipbar

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ