82307c5fcc04c45406405dbbb41077d3_JaffaCakes118 | Triage

Sharing

General

Target

82307c5fcc04c45406405dbbb41077d3_JaffaCakes118
Size

80KB
MD5

82307c5fcc04c45406405dbbb41077d3
SHA1

aed2519187b4ee2292d5d19cde6017ba3d881335
SHA256

6b6e7d6997f7cde73713f4a3435901c891ce71741edd188e7b650a5be7ba85b5
SHA512

3569d32f4359c6cd915401236b967d23b70d5c06b0ba002852b48c11a979cab88bfc7559edcb2e108e0a6472c502510229ed5c973a2467f05dfbb94a32e35bec
SSDEEP

1536:JI/LaDUpxh0+Ggr2A8R7v3HdlOBfnT8Al/w8wZi9i25ag2hXhzExCI9GDd1:J2eDck+N2A8RD3HdlOBfnZ/w8Si9BJCR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82307c5fcc04c45406405dbbb41077d3_JaffaCakes118

Files

82307c5fcc04c45406405dbbb41077d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17adf462e81806e598e7e2c0026bf101

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GlobalUnlock
LoadLibraryExA
GetPriorityClass
VirtualProtect
GlobalDeleteAtom
GlobalFree
MultiByteToWideChar
Sleep
SetConsoleCP
GlobalAddAtomA
LockResource
GetTimeFormatA
GetACP
GetStdHandle
CloseHandle
EnterCriticalSection
RaiseException
HeapCreate
SizeofResource
GetLastError

user32

GetForegroundWindow
DrawEdge
GetActiveWindow
GetFocus
ValidateRect
DrawMenuBar
BeginPaint
GetMenuItemInfoA
GetClassNameA
EndPaint
GetClassInfoExA
GetWindow
IsIconic
GetCursorPos
ReleaseDC
AnyPopup
ShowWindow
GetParent
GetWindowTextA

mprapi

MprAdminUserRead
MprAdminUserOpen
MprAdminUserWrite
MprAdminUserGetInfo
MprAdminUserClose

mapi32

MAPILogonEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ