628697f5d33cc7cb92dcb230cf0a09ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

628697f5d33cc7cb92dcb230cf0a09ad_JaffaCakes118
Size

224KB
MD5

628697f5d33cc7cb92dcb230cf0a09ad
SHA1

0c00cb644c917f9145ba3930e4ba50ca5d207df5
SHA256

97b827acc80620de25483470210fbd26a47383676f6db2b54c1e2f888a4ce984
SHA512

393e87e590ad28a6085821d80eea82dcabf91bab991dfa4a04f01e19d51d8c9a2f7a5610aa7d4233fe5a7871c1ea96208366477d161d3ac874630560f0a98bbd
SSDEEP

6144:kDbgM9tQ5O2AyLLZxoktjPs+kWq2OUHPITC6dMAdIK:itXADLZx1UPWq17TCmAK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628697f5d33cc7cb92dcb230cf0a09ad_JaffaCakes118

Files

628697f5d33cc7cb92dcb230cf0a09ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11bad7e715d973d84eb00f8582478ade

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetCommandLineA
GlobalAddAtomA
GlobalFree
InterlockedExchange
SetErrorMode
GetACP
LoadLibraryExA
LockResource
RaiseException
VirtualProtect
GetStdHandle
CloseHandle
GlobalDeleteAtom
GetLogicalDrives
GetLastError
FileTimeToLocalFileTime
HeapCreate
IsBadReadPtr
Sleep
GetLocaleInfoA

user32

ReleaseDC
GetMenuItemInfoA
BeginPaint
GetCursorPos
IsIconic
FrameRect
ValidateRect
DrawTextA
GetWindowTextA
ShowWindow
DrawEdge
EndPaint
GetFocus
GetParent
GetWindow
GetClassNameA
GetActiveWindow
SetForegroundWindow
wsprintfA

httpapi

HttpTerminate
HttpRemoveUrl
HttpInitialize
HttpAddUrl
HttpCreateHttpHandle

msutb

GetPopupTipbar

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ