6696ab263baf2087f9d4045524afbf48_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6696ab263baf2087f9d4045524afbf48_JaffaCakes118
Size

39KB
MD5

6696ab263baf2087f9d4045524afbf48
SHA1

de98883f4332fe2aa76f6cc40f5b522883eb3583
SHA256

dbe190e93ed722d37ac5b1d5af9d54f0ca3c80a0b56136ddee26a8f349f33007
SHA512

cb9767dd1e255252c69dadf1997dfad970854a1c7f25a0db4c9a50a18395c812fe810bbf1fe86c44767786413d97754133253614cb52bfd2b92d334216a11a73
SSDEEP

768:i2rH8NSvGd1HIQ9rd/l/iabH9exhGYfYRxaUrYmXNL90oGnTmnrU+W00HnHm:VeWGd1oQVdoa8x5SaU/dLi9iWPHnG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6696ab263baf2087f9d4045524afbf48_JaffaCakes118

Files

6696ab263baf2087f9d4045524afbf48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

269349836cd1ea268449c676855301d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringA
ExitProcess
FindResourceA
FreeLibrary
GetACP
GetCommandLineA
GetCurrentProcessId
GetEnvironmentVariableA
GetModuleHandleA
GetOEMCP
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapCreate
HeapReAlloc
InterlockedExchange
LCMapStringA
MapViewOfFile
MultiByteToWideChar
ResumeThread
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
TlsSetValue
WriteConsoleA
lstrcatA
lstrlenW

msvcrt

__getmainargs
__p__commode
__set_app_type
_stricmp
exit
strspn
time
wcscpy

user32

IntersectRect
LoadCursorA
MapWindowPoints
ReleaseCapture
SetTimer
GetWindowPlacement
GetClassNameA
GetCapture
DefFrameProcA
GetDesktopWindow

ole32

CreateAntiMoniker
CoTaskMemFree
CoCreateInstance
CoCreateGuid

Exports

Exports

TTF_WasInit

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ