647950f2a240e6d20fdb13dee299d230_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

647950f2a240e6d20fdb13dee299d230_JaffaCakes118
Size

448KB
MD5

647950f2a240e6d20fdb13dee299d230
SHA1

d971f338d2724a7e63a32106ec6f692006f8d010
SHA256

534431d6657c68b27c8329aef02849bdd86e73737570586a12a2d828af0f7740
SHA512

21e699d6e182c96158fe51a8d533928f92c53a656093aa07edae78839ee354284151d11fa728a8b44fbc46ecfb6b65c7eee29b6cdab67618a7e3d770a428700d
SSDEEP

12288:sqRn/sfVIi3lXP0A685ItTpEdmry0eGR5xUktG:sq9/c7y/zCYG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
647950f2a240e6d20fdb13dee299d230_JaffaCakes118

Files

647950f2a240e6d20fdb13dee299d230_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65281c771d7867d9481a05245c06c770

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
InterlockedExchange
GlobalFree
GetLastError
GetStdHandle
LockResource
CloseHandle
GlobalDeleteAtom
GetDriveTypeA
SetErrorMode
LoadLibraryExA
VirtualProtect
Sleep
GetACP
SetConsoleOutputCP
HeapCreate
GetLocaleInfoA
FoldStringA
RaiseException
EnterCriticalSection
GlobalAddAtomA

user32

SetForegroundWindow
GetCursorPos
ValidateRect
GetParent
GetWindowTextA
CharToOemBuffA
ShowWindow
ClipCursor
BeginPaint
GetWindow
IsIconic
GetMenuItemInfoA
GetClassNameA
DrawTextA
GetFocus
DrawEdge
GetActiveWindow
EndPaint
ReleaseDC

version

VerInstallFileA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
VerFindFileA

rasadhlp

WSAttemptAutodialName

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ