641563b3483157039ecaa99cd29acca0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

641563b3483157039ecaa99cd29acca0_JaffaCakes118
Size

241KB
MD5

641563b3483157039ecaa99cd29acca0
SHA1

0f4873d83cd8170f90f66108870f881492c2c908
SHA256

f33d44d9870b46ee6da700550d5d9e120422319b33dace7f8949f1de34f898c4
SHA512

c171979d364463af40cfdf7b8c13a6391e271336949e3fce04aabe269e0f718ebe41f8f5544abebd64374e242771e1f17f2fabcde48c8f3c8735bb07b5b877bb
SSDEEP

3072:9VKTXYRsrcoASRvC2+ZCJqmS2hmy38T63RIqzNg2FI4/7rfNSfO:9s0RsFlvC2B3Ay38GB55TrgfO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
641563b3483157039ecaa99cd29acca0_JaffaCakes118

Files

641563b3483157039ecaa99cd29acca0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f58debc185b22fc5ef369d46b133b6b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcat
GlobalFree
LocalSize
SetConsolePalette
GlobalLock
SetCommBreak
LoadResource
GetProfileStringA
GetStdHandle
GlobalFindAtomA
CloseHandle
RaiseException
GetProcessHeap
ExitThread
GetOEMCP
GlobalAddAtomA
LoadLibraryExA
DeleteAtom
EnterCriticalSection
VirtualAlloc
GlobalUnlock

user32

BeginPaint
GetDC
GetForegroundWindow
CloseWindow
ShowWindow
ReleaseDC
GetWindow
GetWindowTextLengthA
GetFocus
GetParent
DrawEdge
IsIconic
GetClassNameA
AlignRects
EndPaint
GetActiveWindow
GetWindowTextA
GetClassInfoExA
ValidateRect

wsock32

WSAStartup
WSAGetLastError
WSASetBlockingHook
WSAAsyncGetServByPort
WSACleanup

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ