88b543a508e73f304c2ed70fd3370395_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88b543a508e73f304c2ed70fd3370395_JaffaCakes118
Size

448KB
MD5

88b543a508e73f304c2ed70fd3370395
SHA1

cadaf988c4a1a1b3cb16082825fa03112c110c39
SHA256

e6deb2b99f1ace029b36e655fd006964b103f8e588df84c905d57da18b2227a9
SHA512

55342d6c7624ebf65458325d23b737b944f5735545ca530fde34d94d06e9d5e7132ac1c330469d3986659399a26dace7be148470b6d4c4b0796bdd2d9b463cf8
SSDEEP

12288:CRn/sfVIi3lXP0A685ItTpEdmry0eGR5xUktG:C9/c7y/zCYG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88b543a508e73f304c2ed70fd3370395_JaffaCakes118

Files

88b543a508e73f304c2ed70fd3370395_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b131392a06d2cc6234b91c360e1c7775

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleOutputCP
FoldStringA
LoadLibraryExA
RaiseException
GlobalAddAtomA
GlobalDeleteAtom
Sleep
GetDriveTypeA
LockResource
GetLastError
InterlockedExchange
SetErrorMode
VirtualProtect
EnterCriticalSection
GlobalUnlock
CloseHandle
GlobalFree
GetLocaleInfoA
GetACP
GetStdHandle
HeapCreate

user32

DrawTextA
GetActiveWindow
IsIconic
SetForegroundWindow
GetClassNameA
GetCursorPos
ShowWindow
GetParent
CharToOemBuffA
ValidateRect
ReleaseDC
GetWindowTextA
ClipCursor
GetMenuItemInfoA
BeginPaint
GetWindow
DrawEdge
GetFocus
EndPaint

version

VerInstallFileA
VerFindFileA
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

rasadhlp

WSAttemptAutodialName

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ