649e01905548189616c076ba47084601_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

649e01905548189616c076ba47084601_JaffaCakes118
Size

3.8MB
MD5

649e01905548189616c076ba47084601
SHA1

e33769078dc35cdafdedd9097b51224541e618ef
SHA256

c7d68af6f26bf0079389785b3e4e97cc16b520815109f8a158793076acbe7f47
SHA512

23a6a61bf81cf3c926cf74e421a807295c2cd8dd0f69c8764b659a6857443ff5818a205b44d8488e25a16e88e9e34f61f2a709cd9aabee87a5dbb42a04ed37d7
SSDEEP

98304:Ha5FuTxBNIl9+mBEHyBVdBbznN8HGFrYTs4fMxwP3ZA:66TxvIv+mxbbmrw0IYq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649e01905548189616c076ba47084601_JaffaCakes118

Files

649e01905548189616c076ba47084601_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3dbd5dd9a194a2619a8c6a3367783a5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
WriteConsoleOutputA
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetCurrentActCtx

user32

WaitForInputIdle
GetAltTabInfoA
EnumChildWindows

tapi32

lineMonitorDigits

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ