Static task
static1
Behavioral task
behavioral1
Sample
a2b5766a448094a2c04f78a24f48ef2f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a2b5766a448094a2c04f78a24f48ef2f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a2b5766a448094a2c04f78a24f48ef2f_JaffaCakes118
-
Size
111KB
-
MD5
a2b5766a448094a2c04f78a24f48ef2f
-
SHA1
0357664941cb54bc9a2ce46806ca29783626626e
-
SHA256
27f9cfdc270df8bbe2a66eff02e21dc1da179c5facb1081ea30dfb1f695872af
-
SHA512
d89799de981e19fd7a85493808f07d5369d8cb17e3d6dcecd8f9d6628ab0a03fe45050b59fa6492ecacbcba7ea4613f83cb1b892987f95a1037ca79f0a02fe5f
-
SSDEEP
3072:f6zd5ARqxfIZBTFR6E1Yj5ybHjgm6m24dMOJIV:g5A4CBJ13ro6uOJk
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the file below has none, so its publisher and integrity cannot be verified from a signature.
resource a2b5766a448094a2c04f78a24f48ef2f_JaffaCakes118
Files
-
a2b5766a448094a2c04f78a24f48ef2f_JaffaCakes118.exe windows:8 windows x86 arch:x86
51175c49e527026727a807acf90c9f7d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SleepEx
LocalAlloc
GetCommandLineA
LocalFree
LocalAlloc
MultiByteToWideChar
GetProcessHeap
GetModuleHandleA
SetEvent
GetACP
GetModuleHandleA
GetCurrentProcessId
SetEvent
gdi32
CreateCompatibleDC
MoveToEx
DeleteDC
BitBlt
DeleteDC
DeleteDC
GetStockObject
DeleteObject
user32
SendMessageW
LockWindowStation
LoadIconW
SetTimer
SendMessageW
GetSystemMetrics
DefWindowProcW
ntdll
NtAllocateVirtualMemory
Sections
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ