Sample: 67aaf3748973e723080804da5dd0292c_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 67aaf3748973e723080804da5dd0292c_JaffaCakes118
Size: 204KB
MD5: 67aaf3748973e723080804da5dd0292c
SHA1: 378737947cd3c81dd386372309f06a12787ce7f6
SHA256: 264bdc67bf7f6f82f08308c4511f74c8ef8e829746df723990e38d86748849af
SHA512: 03065cc828e3855508c27def8735c933937350b43adc53ef269796a363762e99300eddd12422c2443397eb0a91328e961b0564b14a8931b3ab2be95a45e7e3a9
SSDEEP: 6144:jmRR2zIVY7ZJvETdjSjphSLM+Eic2G9OkrRx:KRR2z4YLMTh2XBHzr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 67aaf3748973e723080804da5dd0292c_JaffaCakes118
Files
67aaf3748973e723080804da5dd0292c_JaffaCakes118.exe windows:4 windows x86 arch:x86
7cb4a0e003e34af55006613de5bb33c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenEventA
VirtualFree
LoadLibraryA
VirtualAlloc
VirtualProtect
OpenMutexA
GetProcAddress
GetModuleHandleA
TerminateThread
FindClose
ResetEvent
CreateWaitableTimerA
VirtualAllocEx
GetLastError
LocalLock
VirtualLock
GetPriorityClass
GetCurrentProcessId
VirtualQuery
user32
InSendMessage
LoadAcceleratorsA
IsWindowVisible
LoadIconA
FindWindowA
LoadCursorA
GetDesktopWindow
GetDC
SetTimer
ReleaseDC
GetCursorPos
gdi32
FloodFill
psapi
GetModuleBaseNameA
GetModuleInformation
EmptyWorkingSet
msvfw32
DrawDibStart
DrawDibClose
DrawDibEnd
ICClose
DrawDibOpen
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ