a20bb5fa9524c62a5ef00b6441df091f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a20bb5fa9524c62a5ef00b6441df091f_JaffaCakes118
Size

129KB
MD5

a20bb5fa9524c62a5ef00b6441df091f
SHA1

94400e831d0cfde40b06085595f52fc3bd4c3b61
SHA256

9ad3a734ae0b53426abdb25962a8f06571d153b58fa38413bc7af8067f67655a
SHA512

7269728a4b44df7117e7d18dc70633c397746ba2613b65d9a40e3ea119d063620aa7327d6d99cc826070adc5ee4b80cf748ef5be5e61844000f867f7e4897fef
SSDEEP

3072:d9xZ8wX0jJdm+w1zZNzSPBIsdcC65wXnMgm1Q8+LSHjxW/es6M:d9xiw4L7w1oBIswOXz8+LSHjxWWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a20bb5fa9524c62a5ef00b6441df091f_JaffaCakes118

Files

a20bb5fa9524c62a5ef00b6441df091f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4dc16b2d905641f04bd5dbf50034d440

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
GetModuleHandleA
HeapCreate
GlobalUnlock
LocalFree
CreateMutexA
CloseHandle
GetStdHandle
lstrlenW
FindResourceA
TerminateThread
LoadLibraryExW
GetCurrentThreadId
GetConsoleMode
SetLastError
CreateFileA
ReleaseMutex
SetEnvironmentVariableA
Sleep
TlsGetValue

user32

DrawEdge
GetClipCursor
CheckRadioButton
IsWindow
FillRect
GetDlgItem
SetFocus
GetIconInfo
GetDC
CallWindowProcA
CopyRect
DispatchMessageA
DrawMenuBar

apphelp

SdbFindFirstTag
SdbGetDatabaseID
SdbCloseDatabase
ApphelpCheckIME
SdbFindNextTag

clbcatq

ComPlusMigrate

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE