649c91eb6995bcf22cc5d4e2d30f03c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

649c91eb6995bcf22cc5d4e2d30f03c1_JaffaCakes118
Size

416KB
MD5

649c91eb6995bcf22cc5d4e2d30f03c1
SHA1

f09d759ae8a7c75e52fdaa7485610febc0592a21
SHA256

8fffca269cc161b915736a9c78b2a327e69e3fc24e86b4d1411d4ba39b8d964e
SHA512

eae9eedc4cd6df5983c42ea5e39a1453c0e05272eadf11f2d70ee21384b9eb7a06d0d36c038a84f293797bda92da6422634341142cb5adb124bd1d4ef473ed3d
SSDEEP

6144:K6b2I7dBJY+l8EAnddMJfnDnDYiktjAg2SDj2uqLUITtjtz:K6qIprYLsr0iktjrpDSFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649c91eb6995bcf22cc5d4e2d30f03c1_JaffaCakes118

Files

649c91eb6995bcf22cc5d4e2d30f03c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25c5bd7afd361096197aafc9606d0aa5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExA
VirtualProtect
GetLogicalDrives
GlobalFree
GlobalAddAtomA
GetSystemDirectoryA
GetLastError
RaiseException
GetLocaleInfoA
GetCommandLineA
LockResource
CloseHandle
GetACP
HeapCreate
InterlockedExchange
LoadLibraryExA
SetErrorMode
Sleep
GetStdHandle
GlobalAddAtomA
EnterCriticalSection

user32

GetFocus
FillRect
GetActiveWindow
GetWindow
BeginPaint
FlashWindowEx
GetParent
GetWindowTextA
wsprintfA
ShowWindow
ReleaseDC
IsIconic
ValidateRect
SetForegroundWindow
GetCursorPos
GetClassNameA
FrameRect
EndPaint
DrawTextA

httpapi

HttpAddUrl
HttpCreateHttpHandle
HttpInitialize
HttpTerminate
HttpAddFragmentToCache

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ