01203269c2e0e784d79420f14f9b1125_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01203269c2e0e784d79420f14f9b1125_JaffaCakes118
Size

158KB
MD5

01203269c2e0e784d79420f14f9b1125
SHA1

2530a8794efdaa7490f30d2c494dc16fb3fcef56
SHA256

6fe82024c0a1f1ae4d6930ffb870441d3737422346efb05534a4101afbf72524
SHA512

ae9e08e9d3cd974066e5a3e83066f5607321cfad1e9e05211669a32dee433231f5d852a10ae2a5816b4cad32cd79688f957dad834b4ec0d3bdd76f600c404bab
SSDEEP

3072:sK9smc3K+aCj93AnXGaNkdrgm9nl0JdqFJG2GztR07IVgfXs7ZsFz6x:JfcVho2eaJnl0JoLGtzz074IsYOx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01203269c2e0e784d79420f14f9b1125_JaffaCakes118

Files

01203269c2e0e784d79420f14f9b1125_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d72c2249f14f4cc74dd098fd236f98a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetModuleHandleA
OutputDebugStringA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapCreate
GetProcessHeap
ExitProcess
SetUnhandledExceptionFilter
HeapAlloc
lstrlenA

user32

GetActiveWindow
DispatchMessageW
UpdateWindow
SetWindowPos
CreateWindowExA
MessageBoxA
ShowWindow
FindWindowA
MessageBoxW
GetMessageW
SetFocus
TranslateMessage
DefWindowProcW

powrprof

GetPwrCapabilities
IsPwrShutdownAllowed
IsPwrHibernateAllowed
GetActivePwrScheme

wintrust

WintrustGetRegPolicyFlags

crypt32

CryptStringToBinaryA
CertCreateCertificateChainEngine

imagehlp

ImageEnumerateCertificates

winmm

mciSendStringW

clusapi

ClusterEnum

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE