Static task: static1
Behavioral task: behavioral1
Sample: a3ab5bf6bfad6bc5982abed2629bb9f2_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a3ab5bf6bfad6bc5982abed2629bb9f2_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a3ab5bf6bfad6bc5982abed2629bb9f2_JaffaCakes118
Size: 77KB
MD5: a3ab5bf6bfad6bc5982abed2629bb9f2
SHA1: c51711df98acf03078e8f93a0154b3be82f5480b
SHA256: af6b0c63a31bbb175f27383a37b8b7e26f745cba4116f440ccd27609e4320a66
SHA512: 444e1919ff09d68433a51329e052345921c31808708595f1f5fd8599d811e0d4c0d47718d0e34f0197ed022a9d2714526e00af7f7d82f81a0f1a3dba2f7bd697
SSDEEP: 1536:yv1Hy5+I+vSkFXZMtPoaJy5c0CdYI37j7JwKJz5GG236uvFe5pTExjA3:2HyIFXaPDY5c0O9+E5h2KqxU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a3ab5bf6bfad6bc5982abed2629bb9f2_JaffaCakes118
Files
a3ab5bf6bfad6bc5982abed2629bb9f2_JaffaCakes118.exe windows:5 windows x86 arch:x86
eb50ee27550758ebb9439975bd29940a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlFillMemoryUlong
memcpy
kernel32
GlobalAlloc
SizeofResource
GlobalFree
LoadResource
FindResourceA
UpdateResourceA
user32
ShowWindow
DispatchMessageA
SetWindowLongW
GetDlgItem
TranslateMessage
PostQuitMessage
GetMessageA
SetWindowTextA
DefWindowProcA
CreateWindowExW
gdiplus
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipGetImageHeight
gdi32
DeleteDC
DeleteObject
GetDIBits
CreateCompatibleDC
ole32
CreateStreamOnHGlobal
Sections
.text Size: 1024B - Virtual size: 738B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ