885aadc27576daacdc33a6d137d2be13_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

885aadc27576daacdc33a6d137d2be13_JaffaCakes118
Size

317KB
MD5

885aadc27576daacdc33a6d137d2be13
SHA1

9638dcb95c249e4d2c45595ac7db99db262a161a
SHA256

1e9753bb78006eb2c0393913f2bf3f6f943bac08cabf7d93dc7250eb1f2be477
SHA512

f9a25db1617bd2952ecb25b492b5842569fd6b397950f00bc8f10af80af432d9126fecaa78e9ba8bb3cea5076768dd689b43621f570bae3b4fe4dffac8dfe8c4
SSDEEP

6144:YxvERPh5qe7/JFB7XYdjSYGioU8DmiUtH:YyRP2e7/JFTD1UtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
885aadc27576daacdc33a6d137d2be13_JaffaCakes118

Files

885aadc27576daacdc33a6d137d2be13_JaffaCakes118
.exe windows:4 windows x86 arch:x86

90296133731c9984d328061c9801bb72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
CloseHandle
VirtualAlloc
SetConsolePalette
HeapCreate
GlobalUnlock
LoadLibraryExA
GetOEMCP
EnterCriticalSection
GetStdHandle
GlobalAddAtomA
DeleteAtom
LoadResource
GetProfileStringA
GlobalFindAtomA
LocalFree
GetProcessHeap
lstrcat
RaiseException
SetCommBreak
GlobalFree

user32

GetClassNameA
GetClassInfoExA
EndPaint
GetWindow
GetFocus
CloseWindow
ValidateRect
DrawEdge
GetWindowTextLengthA
ReleaseDC
IsIconic
GetActiveWindow
GetDC
BeginPaint
GetWindowTextA
GetParent
GetForegroundWindow
AlignRects
ShowWindow

wsock32

WSASetBlockingHook
WSAAsyncGetServByPort
WSAGetLastError
WSACleanup
WSAStartup

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ