73b0bf1abd4ed2faee355677c33bceae_JaffaCakes118 | Triage

Sharing

General

Target

73b0bf1abd4ed2faee355677c33bceae_JaffaCakes118
Size

8KB
MD5

73b0bf1abd4ed2faee355677c33bceae
SHA1

650ab72da06aee8fec992604f87cf4dc470879c4
SHA256

a187dd4c19307b93b0ad284a09cd4c48e2ae532c2ffd7344fb7a9c58a1d5bcf9
SHA512

a7f0f4bd16f9201c1044297b9fd8f8804ee685de6a991209f293abdb4ea5eaa016207aac1431b4fc5a853ad82320056db8c9fb5612f094292cc6d3be85d744b4
SSDEEP

192:EYKembn8JXaliUHZvY3S4Pew2/vEOXY3TCQHRIBR:EYAwXaoUHZG0gOXYDCQHRC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/14057921.malware.sample

Files

73b0bf1abd4ed2faee355677c33bceae_JaffaCakes118
.zip
14057921.malware.sample
.exe windows:4 windows x86 arch:x86

270140cc5ffe7f76b509d5da6c63a1d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetVersion
HeapCreate
GetTickCount
InterlockedExchange
CloseHandle
GetAtomNameA
GetSystemDefaultLangID
CompareFileTime
GetConsoleCP
GetConsoleDisplayMode
LoadLibraryExA
GetModuleHandleA
WaitForSingleObject
LocalSize
GetCommandLineA
HeapReAlloc
GlobalUnlock
WaitForMultipleObjects
SuspendThread
VirtualProtect

gdi32

BeginPath
Ellipse
CreateFontA
EqualRgn
GetRgnBox
AbortPath
GetMetaFileA
GetTextColor
CreatePalette
Escape
FloodFill
DeleteDC
GetFontData
GetMetaRgn
EndPath
DeleteObject
EngLineTo
CreateICA
GetStringBitmapA

httpapi

HttpGetCounters
HttpInitialize
HttpTerminate
HttpRemoveUrl
HttpAddUrl

clbcatq

GetDllType

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ