Static task: static1
Behavioral task: behavioral1
Sample: 64362b47ed9ba5a4884e678f3481a06c_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 64362b47ed9ba5a4884e678f3481a06c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 64362b47ed9ba5a4884e678f3481a06c_JaffaCakes118
Size: 60KB
MD5: 64362b47ed9ba5a4884e678f3481a06c
SHA1: ea4593a512965dff28aa08e1f0a94216511f9b39
SHA256: 004d2570537b08af0cbd399a9851d00e12e19c587be7a4c89195c9154263dd82
SHA512: f7985462802c03720aabd0b5c0e881027c1c3346f5a9b8a69233ff4f9d98adc7d6157357caa59b984946395ce30b06a5f8d43378b4180805c9702ae031551850
SSDEEP: 1536:CVwDLHFqnI/tTGXQI4A1JchPP/n1/JbclNot:YY4IZI4dPpJbclNot
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 64362b47ed9ba5a4884e678f3481a06c_JaffaCakes118
Files
64362b47ed9ba5a4884e678f3481a06c_JaffaCakes118.exe windows:4 windows x86 arch:x86
7ee3bbf404680e5ab6632dc00d20dcfa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
CloseHandle
CreateThread
CreatePipe
ReadFile
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
LoadLibraryA
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
ExitProcess
VirtualProtect
user32
DialogBoxParamA
LoadBitmapA
ReleaseDC
GetClientRect
BeginPaint
EndPaint
EndDialog
GetDC
gdi32
StretchBlt
SetStretchBltMode
DeleteObject
SelectObject
CreateCompatibleDC
DeleteDC
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 892B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ