858a1cbb5af75666338795ecf5ee8b3c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

858a1cbb5af75666338795ecf5ee8b3c_JaffaCakes118
Size

317KB
MD5

858a1cbb5af75666338795ecf5ee8b3c
SHA1

c463f1f6805eb310eb4271859e980218be9e98f2
SHA256

14c7d2ac770a3c0c818b04614bc3e14ad11574420200bbdc293e707c3b2adb0c
SHA512

92556698cebd4b70fae910bb74dfd786066e64173bb5c9c84cdd8797df67d0f53a624c77da6766c6e0337e534710afee96fab70ea44785df383598927d2e6a32
SSDEEP

6144:8QvERPh5qe7/JFB7XYdjSYGioU8DmiUtH:8XRP2e7/JFTD1UtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858a1cbb5af75666338795ecf5ee8b3c_JaffaCakes118

Files

858a1cbb5af75666338795ecf5ee8b3c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6aec7bb6203792df8b8a923a8d042495

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
DeleteAtom
GlobalUnlock
GetProcessHeap
CloseHandle
GlobalAddAtomA
GetProfileStringA
EnterCriticalSection
GetStdHandle
HeapCreate
GlobalFindAtomA
SetCommBreak
GetOEMCP
VirtualAlloc
LocalFree
GlobalLock
SetConsolePalette
lstrcat
LoadResource
RaiseException
GlobalFree

user32

BeginPaint
DrawEdge
GetClassInfoExA
GetForegroundWindow
GetActiveWindow
GetDC
GetWindow
GetFocus
GetWindowTextA
IsIconic
CloseWindow
ReleaseDC
ShowWindow
GetClassNameA
EndPaint
GetParent
AlignRects
ValidateRect
GetWindowTextLengthA

wsock32

WSAAsyncGetServByPort
WSACleanup
WSASetBlockingHook
WSAStartup
WSAGetLastError

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ