a13c81c6a7f64404374ad68c87b20ae5_JaffaCakes118 | Triage

Sharing

General

Target

a13c81c6a7f64404374ad68c87b20ae5_JaffaCakes118
Size

17KB
MD5

a13c81c6a7f64404374ad68c87b20ae5
SHA1

c88a8df3dda1fae8172699ea14af7a0af2af42a1
SHA256

33e492fa6db662a29dda36222644794e30eb40fb4d3d73477a6f89a6db612be5
SHA512

8bca65a8ebe228fb81c1fe7bb6897d02a350dd77ad259547e3c0c32c9fa986617fb2f3a2f15a8863b3ceb09371ff10da8e6d35dd1d2d088c2c8b1a486d196503
SSDEEP

384:i6QBPd/EJelJ8OtutyXxN7OWxg5P9C3Q:QV/9gOtuUv/YFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a13c81c6a7f64404374ad68c87b20ae5_JaffaCakes118

Files

a13c81c6a7f64404374ad68c87b20ae5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

873ead680967b91bba19c46562a98760

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
GetTickCount
WaitForSingleObject
GetCommandLineA
HeapCreate
LoadLibraryExA
SuspendThread
LocalSize
GlobalUnlock
InterlockedExchange
CloseHandle
HeapReAlloc
lstrlenA
GetAtomNameA
GetStdHandle
GetModuleHandleA
WaitForMultipleObjects
VirtualProtect
GetSystemDefaultLangID
GetVersion
CompareFileTime

gdi32

FloodFill
GetMetaFileA
EqualRgn
GetMetaRgn
GetFontData
Ellipse
GetTextColor
GetRgnBox
DeleteObject
CreatePalette
EndPath
AbortPath
Escape
GdiFlush
DeleteDC
CreateICA
BeginPath
CreateFontA
GetStringBitmapA
EngLineTo

winmm

auxGetVolume
PlaySoundA
auxSetVolume
CloseDriver
OpenDriver

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ