7878538535f7f0b9807fa4d712ad001d_JaffaCakes118 | Triage

Sharing

General

Target

7878538535f7f0b9807fa4d712ad001d_JaffaCakes118
Size

415KB
MD5

7878538535f7f0b9807fa4d712ad001d
SHA1

8250afffd2855b9fbd94b97eee7c12aaccc584cd
SHA256

96b6a59ae8efb7698427dad984ea8d4d0216c7fad91ad83914b2ceaa6dbcfc8c
SHA512

05def12be65a600ae97c6fa0416f023fa0df7682e14710408970c29e2279bc4993f2320f611bd56c6280f8e0634129b97191c6e60fc8e660592c3e7e08084543
SSDEEP

6144:M1ojUwD3TilJTq4y+ydvMQp7Tmd7xG8twYU42vw:MKowTWTq4yzd/tS7U8tEn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7878538535f7f0b9807fa4d712ad001d_JaffaCakes118

Files

7878538535f7f0b9807fa4d712ad001d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7cfb548c15ac3d008616f3e5aa912d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetACP
HeapCreate
RaiseException
Sleep
LoadLibraryExA
GetCommandLineA
LockResource
GlobalAddAtomA
GetFileAttributesA
GlobalFree
GetLogicalDrives
CloseHandle
SetErrorMode
GetSystemDirectoryA
GetLocaleInfoA
InterlockedExchange
VirtualProtect
GetLastError
GetStdHandle
GlobalDeleteAtom

user32

GetMenuItemInfoA
GetActiveWindow
IsIconic
wsprintfA
GetFocus
BeginPaint
ValidateRect
GetClassNameA
ReleaseDC
GetCursorPos
EndPaint
FrameRect
GetParent
DrawEdge
DrawTextA
GetWindow
SetForegroundWindow
GetWindowTextA
ShowWindow

httpapi

HttpRemoveUrl
HttpTerminate
HttpInitialize
HttpAddUrl
HttpCreateHttpHandle

wshtcpip

WSHNotify

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ