774c297fcfa4bd66913a5c8a5206ec29_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

774c297fcfa4bd66913a5c8a5206ec29_JaffaCakes118
Size

42KB
MD5

774c297fcfa4bd66913a5c8a5206ec29
SHA1

63164580238059d787771482e6882025854a6bd7
SHA256

10fab133c117a8b28ac08b18aa9c7c7c5d0af3baf0a5e84360d7bc4bf2d4dd15
SHA512

3ecbdca5b3d27b39fc432927d4b4ab13ba48468a104b1f89066c9c3a4de0ef8b143225e6415263e15df8ae76b350facae91f7cc782645261c02b274f083a500b
SSDEEP

768:5YR0/gDUh0y9+uTIB7R3MKUqeiCvXo3EtBGK2:SRigDMuBRHc/40Sn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
774c297fcfa4bd66913a5c8a5206ec29_JaffaCakes118

Files

774c297fcfa4bd66913a5c8a5206ec29_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d3a3d5321490402483046df4a343b3d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
IsBadReadPtr
lstrcmpiA
LoadLibraryA
GetProcAddress
VirtualProtect
CreateThread
GetModuleHandleA

user32

DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ