4c6e91ab660a74212956dd8167a65db8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c6e91ab660a74212956dd8167a65db8_JaffaCakes118
Size

316KB
MD5

4c6e91ab660a74212956dd8167a65db8
SHA1

d401bce4e8005a05302bc14ed00fbfd5c4763038
SHA256

47d814cbca37e726dded98823028cda83e6aebcf4b29748802c2f8a6aa5230bd
SHA512

15fbc435396c7d30056297d60462963cc7672c269d53aa33c90c7ee4453edf2b970b195413485fa06b7cb2d3f46a2f26b916be19c39271a57342441e7e6d59a1
SSDEEP

6144:08BmLHC9+7SxhjmqsfGCIUZXiwRlDzgnJOGHhZ9al5YgvysriJOh:06h5mf3I2iwDzgn3Y5h6sriJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c6e91ab660a74212956dd8167a65db8_JaffaCakes118

Files

4c6e91ab660a74212956dd8167a65db8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

797f93e996db52d2c6f8a2dcabb64386

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FindFirstFileA
GetCommandLineA
ResetEvent
GetStdHandle
RaiseException
GlobalFree
SetErrorMode
GetLastError
VirtualProtect
LoadLibraryExA
EnterCriticalSection
Sleep
GetLogicalDrives
ReleaseMutex
SetEvent
GetSystemDirectoryA
HeapCreate
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetCursorPos
FrameRect
FlashWindowEx
GetActiveWindow
ValidateRect
GetFocus
BeginPaint
FillRect
ReleaseDC
wsprintfA
IsIconic
GetParent
GetWindowTextA
GetWindow
EndPaint
SetForegroundWindow
GetClassNameA
DrawTextA
ShowWindow

httpapi

HttpInitialize
HttpAddFragmentToCache
HttpCreateHttpHandle
HttpTerminate
HttpAddUrl

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ