8bde817dd7ed9528814ec2c3619d47ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bde817dd7ed9528814ec2c3619d47ad_JaffaCakes118
Size

856KB
MD5

8bde817dd7ed9528814ec2c3619d47ad
SHA1

0d3dd77e5dcf9af1f0a5741c86cb5a3142a026fe
SHA256

500da254d89d0da6afcf35c7d018c2e34be408ddcd8cd24032c07defeaaf1138
SHA512

2ee3d5381f56130b5fedadae9303a0409c2ad0379fa5a371a479747cd2dcd4f47c27a05fcc1d4db662a0bff7dbeec15040fa7ad43027ca3c9d09085e5e4d7a17
SSDEEP

12288:TLXR6gLoecCUGt5l+7nGE5O+wHvHV9z8Xq6k/8NSDo2tptiKVNV:3R60oenzEjGE5O+w34Xbg8NSPvvV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bde817dd7ed9528814ec2c3619d47ad_JaffaCakes118

Files

8bde817dd7ed9528814ec2c3619d47ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c83c0b8a45a245c6e9306f7af2a08d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
SuspendThread
GetPriorityClass
GetModuleFileNameA
GetCommandLineA
GetEnvironmentVariableA
CreateMailslotA
GetStdHandle
GetFileAttributesA
GetProcessTimes
GetCurrentProcessId
DeleteAtom
GetModuleHandleA
GetStartupInfoA
FindAtomA
ReadFile
CloseHandle
DeleteFileA
HeapDestroy
HeapCreate

user32

GetWindowLongA
GetClassInfoA
CallWindowProcW
SetFocus
DestroyMenu
DrawTextW
GetWindowInfo
IsWindow
GetClientRect
GetKeyState
DispatchMessageA
GetSysColor
DispatchMessageA
DestroyMenu

mmcshext

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 846KB - Virtual size: 845KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ