896023c268107b84efd0d46d48808986_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

896023c268107b84efd0d46d48808986_JaffaCakes118
Size

241KB
MD5

896023c268107b84efd0d46d48808986
SHA1

431fd0eb295b850abe3d58288e10bfa3c0ccad36
SHA256

09b5bbeffef0071381e2657da151d602d708a0bb0b145b2e016288df4f1c2983
SHA512

95117b8bc857173962159998f006603a5540d3e4fbc0b1b5280b4e57ab95e86c643bcc7a2f5d1d822ffdd4f9e289c17e8f32422a1891dad18dadc3efc627142c
SSDEEP

6144:nXcwWFhukYE/0QZv0m9O4b1I26+BQBoY6:nXRWFHn/0UZOw1MFBoY6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
896023c268107b84efd0d46d48808986_JaffaCakes118

Files

896023c268107b84efd0d46d48808986_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfca4e2fd4a99bd8f93c8bb1c6cf2e00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GlobalFlags
GlobalLock
FindAtomA
LoadResource
EnterCriticalSection
VirtualAlloc
LoadLibraryExA
RaiseException
WriteProcessMemory
ExitThread
GlobalFree
CloseHandle
DeleteAtom
GetCommState
GetStdHandle
ClearCommBreak
GetOEMCP
GlobalAddAtomA
GlobalCompact
GetProfileStringA

user32

BeginPaint
ShowWindow
GetWindow
GetForegroundWindow
EndPaint
DrawEdge
RegisterClassA
GetActiveWindow
GetClassNameA
GetParent
ValidateRect
GetDC
CloseWindow
GetClassInfoExA
GetWindowTextLengthA
IsIconic
GetFocus
ReleaseDC
GetWindowTextA

wsock32

WSAStartup
WSAGetLastError
WSACleanup
WSAAsyncSelect
WSAIsBlocking

dot3api

Dot3SetProfile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ