a00b3bd52f1ca4a0e666d6cc04f79640_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a00b3bd52f1ca4a0e666d6cc04f79640_JaffaCakes118
Size

636KB
MD5

a00b3bd52f1ca4a0e666d6cc04f79640
SHA1

99a54f6a14a3534c72a408569a3eee1124743f37
SHA256

4d12ebcca40ac1712cd96eca9578a2937e421aaec0e1d316fdc85432405aefb1
SHA512

b01911af9e59be97add21f074d74cef09db4761bd3b2333c7d265641fcdc031d36df00533f7ca2816550f0de41bd815d9239bab7171fe80c878dc58979de5f3b
SSDEEP

12288:j7jpS31ZxKSpzluJzNo15jH78WtvspyjriT/bmUH4Cuf:njcZxKcUt2JH7ztdmTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a00b3bd52f1ca4a0e666d6cc04f79640_JaffaCakes118

Files

a00b3bd52f1ca4a0e666d6cc04f79640_JaffaCakes118
.exe windows:4 windows x86 arch:x86

503f19f48b6c87df76bb03a9ac9b6a62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetSystemDefaultLangID
WaitForSingleObject
GetModuleHandleA
LoadLibraryExA
CompareFileTime
lstrlenA
SuspendThread
GetConsoleCP
WaitForMultipleObjects
GetTickCount
InterlockedExchange
GetCommandLineA
GetAtomNameA
GetVersion
LocalSize
GlobalUnlock
GetStdHandle
HeapReAlloc
CloseHandle
HeapCreate

gdi32

GetMetaFileA
DeleteObject
EngLineTo
AbortPath
GetStringBitmapA
EndPath
FloodFill
BeginPath
GetRgnBox
GetMetaRgn
DeleteDC
CreateICA
Ellipse
EqualRgn
CreatePalette
GetTextColor
GetFontData
Escape
CreateFontA

winmm

PlaySoundA
CloseDriver
OpenDriver
auxGetVolume
auxSetVolume

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ