69dc9f3e8d1f2e5c8b48dd1fe34b8206_JaffaCakes118 | Triage

Sharing

General

Target

69dc9f3e8d1f2e5c8b48dd1fe34b8206_JaffaCakes118
Size

316KB
MD5

69dc9f3e8d1f2e5c8b48dd1fe34b8206
SHA1

37bfb95651c03b61fab8fd114e29fac668b877e0
SHA256

bb6dac1ad193ab0c1035c1524190736650657458075a413956212064a5789307
SHA512

5241243600ad78923d7600f6bc4806b06436f317b05af5b71ec09999f4128a6bdef0a2b298714591d7e979b6f71b8e5fd0f849b11626890d7c6aad7e4201622a
SSDEEP

6144:b8BmLHC9+7SxhjmqsfGCIUZXiwRlDzgnJOGHhZ9al5YgvysriJOh:b6h5mf3I2iwDzgn3Y5h6sriJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69dc9f3e8d1f2e5c8b48dd1fe34b8206_JaffaCakes118

Files

69dc9f3e8d1f2e5c8b48dd1fe34b8206_JaffaCakes118
.exe windows:4 windows x86 arch:x86

19c77a4f77b567c1690fae441defc8d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
EnterCriticalSection
CloseHandle
GetLocaleInfoA
GetSystemDirectoryA
ResetEvent
HeapCreate
GlobalFree
GetStdHandle
GetCommandLineA
ReleaseMutex
Sleep
VirtualProtect
SetErrorMode
RaiseException
LoadLibraryExA
GetLastError
GetACP
SetEvent
GetLogicalDrives
InterlockedExchange

user32

GetActiveWindow
ReleaseDC
GetCursorPos
GetWindow
FlashWindowEx
EndPaint
wsprintfA
BeginPaint
IsIconic
FillRect
FrameRect
SetForegroundWindow
GetClassNameA
ShowWindow
GetParent
DrawTextA
ValidateRect
GetFocus
GetWindowTextA

httpapi

HttpTerminate
HttpAddFragmentToCache
HttpAddUrl
HttpCreateHttpHandle
HttpInitialize

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ