4e1f2d2327143511216e8a55f40d3682_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e1f2d2327143511216e8a55f40d3682_JaffaCakes118
Size

18KB
MD5

4e1f2d2327143511216e8a55f40d3682
SHA1

7baebab0e99b41440d73d87ca4fa47e5b74b1105
SHA256

cb7b98437ffbe3307e7beaf8daad1ec795b42dd99f5de7bf314aa4a7ffaad525
SHA512

b5787ccb5b43b5270befe300d3c303a5401fbe577b5f346b7b6f7eb84e592aea8ce368f54ce3408c5bc7ab7144aceeae3c47dfa8bee3e4160e6716949eb9f57f
SSDEEP

192:CUQdsNFvXIcxsV0o13S0TnEqYeoBhkViCRdpCJczSkap:CUQS3vJsKIjYeozkVzTEJczS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e1f2d2327143511216e8a55f40d3682_JaffaCakes118

Files

4e1f2d2327143511216e8a55f40d3682_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb6616704bd427e4ca6cfb407f40d855

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
lstrcatA
CreateProcessInternalW
FreeLibrary
GetDriveTypeW
GetCurrentThreadId
TlsSetValue
GetSystemDefaultLCID
GetCurrentThread
VirtualAlloc
GetOEMCP
GetModuleHandleW
lstrcpyA
GetCommandLineA
GetUserDefaultLCID
GetModuleFileNameA
TlsGetValue
GetCurrentProcessId
GetACP
IsDBCSLeadByte
GetLogicalDrives

user32

GetWindow
GetDC
ReleaseDC
GetFocus
GetActiveWindow
IsIconic
GetWindowDC
GetWindowLongA
UpdateWindow
RegisterClassA
GetSystemMetrics
ShowWindow
GetForegroundWindow
IsWindowVisible
GetWindowTextLengthA
GetClassInfoExA
ValidateRect
GetWindowTextA
CloseWindow

imagehlp

FindFileInPath
ImageNtHeader
CheckSumMappedFile
ImageLoad
BindImage
FindDebugInfoFile

oleacc

GetStateTextA
LresultFromObject
GetRoleTextA
DllRegisterServer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ