a625456cc21364cbc8f2a5264713715d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a625456cc21364cbc8f2a5264713715d_JaffaCakes118
Size

16KB
MD5

a625456cc21364cbc8f2a5264713715d
SHA1

7227a03c6835b8ada313f7b8e6e62548314b34f5
SHA256

150f9e7414359d08da930248238680ae021b62b2778e8adb976b3f08980b0756
SHA512

d4669c5ed631cb296b26f16d252ce3571694e240b665e9deab5857045db0166200b772ce40c10c2b8d724f1aec8b5a5d124cd058a393e6df1460cda08a8422c8
SSDEEP

384:SpvDWjipHQW8eCpri+7gvY7xc18fTrg4t4TFrn:QrKipHQyEYA7xcuf4O4TFrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a625456cc21364cbc8f2a5264713715d_JaffaCakes118

Files

a625456cc21364cbc8f2a5264713715d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1241f7e18be9944c2dba26451724768

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
SizeofResource
VirtualProtect
GetStdHandle
GlobalDeleteAtom
InitAtomTable
RaiseException
LockResource
EnterCriticalSection
GetPriorityClass
LoadLibraryExA
GetTimeFormatA
GlobalUnlock
CloseHandle
HeapCreate
MultiByteToWideChar
SetErrorMode
GetLastError
GlobalAddAtomA
SetConsoleCP
GlobalFree

user32

GetClassNameA
GetMenuItemInfoA
GetCursorPos
BeginPaint
IsIconic
AnyPopup
DrawMenuBar
GetWindow
GetWindowTextA
GetParent
GetFocus
EndPaint
GetClassInfoExA
GetActiveWindow
ValidateRect
DrawEdge
ShowWindow
GetForegroundWindow
ReleaseDC

mprapi

MprAdminUserOpen
MprAdminUserRead
MprAdminUserGetInfo
MprAdminUserWrite
MprAdminUserClose

mapi32

MAPILogonEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ