8954b606d89e8d3f6ad8d7e689bb3c8a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8954b606d89e8d3f6ad8d7e689bb3c8a_JaffaCakes118
Size

393KB
MD5

8954b606d89e8d3f6ad8d7e689bb3c8a
SHA1

1338a7477dc5636392d7b7777f1663e4fa85236e
SHA256

4ac0517484c020d3d4f9cc16856ccd03c56e8079834394cab8978c1b53f2fd30
SHA512

51060b5adff3b7fc6b14990eca6dfeec6b9f11e3dd2c0346782a4aaa1059d1b7de883bed93bf846f953f798be36e143580170e1c336bc1d2fef8958d957c91d5
SSDEEP

6144:fQGxFHo5nhxlGFWPgynsiNYBoGFFYhaRRXcuCiX++Vzrmkqmu5jbmdVnakr:fzQnhxUUSbuGFehOsuC8Xmklbakr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8954b606d89e8d3f6ad8d7e689bb3c8a_JaffaCakes118

Files

8954b606d89e8d3f6ad8d7e689bb3c8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8f2feac3b9344210d0c1eeb287556ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
CloseHandle
CreateMutexA
GlobalUnlock
LoadLibraryExW
GetModuleHandleA
LocalFree
SignalObjectAndWait
HeapCreate
TlsGetValue
CreateFileMappingA
CreateFileA
ExitProcess
GetConsoleCP
Sleep
LocalLock
GetACP
FindClose
GetLastError
FindAtomA

user32

IsWindow
GetDC
FillRect
GetFocus
DrawFrame
DefWindowProcW
CopyRect
CheckRadioButton
GetDlgItem
CallWindowProcA
DrawEdge
DispatchMessageA
GetIconInfo
MessageBoxA

clbcatq

InprocServer32FromString
SetupOpen
GetCatalogObject
SetSetupSave
GetComputerObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ