627667d0295500efd8eec186001bf8f5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

627667d0295500efd8eec186001bf8f5_JaffaCakes118
Size

16KB
MD5

627667d0295500efd8eec186001bf8f5
SHA1

51965d80ab37d3ee22e3f1e9616854931e7abecd
SHA256

6cb5a1ea3b52b62320d7751421f16991ae3116891b0cf42502dddc015b94852f
SHA512

7b47b30f563c34e7a1c230efb4559834964ac69d588811817816eec81631a40868485224264a610180aae824224f1df25786d35c6de7e66afb65bada874592d9
SSDEEP

384:6pvDW/lGk2FLWSdxVs/N/7xc18fTrg4t4TFrn:oralUMcxMN/7xcuf4O4TFrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
627667d0295500efd8eec186001bf8f5_JaffaCakes118

Files

627667d0295500efd8eec186001bf8f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0af2764572b986cf3749b094b90b141e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
SizeofResource
LockResource
GetACP
MultiByteToWideChar
GlobalDeleteAtom
SetConsoleCP
GetPriorityClass
EnterCriticalSection
GetStdHandle
LoadLibraryExA
SetErrorMode
GetLastError
HeapCreate
Sleep
VirtualProtect
GetTimeFormatA
GlobalUnlock
GlobalFree
CloseHandle
GlobalAddAtomA

user32

ShowWindow
BeginPaint
GetParent
GetWindow
DrawEdge
GetClassInfoExA
GetForegroundWindow
ValidateRect
GetClassNameA
AnyPopup
ReleaseDC
DrawMenuBar
GetActiveWindow
EndPaint
GetWindowTextA
GetCursorPos
GetMenuItemInfoA
IsIconic
GetFocus

mprapi

MprAdminUserOpen
MprAdminUserClose
MprAdminUserRead
MprAdminUserGetInfo
MprAdminUserWrite

mapi32

MAPILogonEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ