aad15551fb2d1c0c3c03bd9be5fd7689_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aad15551fb2d1c0c3c03bd9be5fd7689_JaffaCakes118
Size

182KB
MD5

aad15551fb2d1c0c3c03bd9be5fd7689
SHA1

0908712e3c05de8bd1e748e70935f95b38856cfd
SHA256

d53dbc6c14c032d1488e46457805b40b54426e5439f1308e0ac39db22344f0e3
SHA512

1f3cc94e7e2544e8dd6ad2d19ffdacd5a4556e80206514e585a57f61d71b92955fe930d0dc46d1c656c0b1f3b6a05c509185610ce94104d04b1452541588ad82
SSDEEP

3072:re40Zzh77aE2aZoB7od8M0B+S1IntKz/KRYeC+M2/tg6QbDJW:rxo/am6B7od8MewWXeDfG6m0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aad15551fb2d1c0c3c03bd9be5fd7689_JaffaCakes118

Files

aad15551fb2d1c0c3c03bd9be5fd7689_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56db554a27239dabe608be3cf5e2a01f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLongPathNameW
lstrcpynA
GetFileAttributesA
LockResource
GetProcessHeap
IsBadWritePtr
MultiByteToWideChar
InterlockedIncrement
LeaveCriticalSection
DisableThreadLibraryCalls
InterlockedDecrement
SetThreadContext
InitializeCriticalSection
lstrlenA
lstrcatA
lstrcpyA
GetVersion
EnumResourceTypesA
HeapReAlloc
FindResourceA
HeapFree
WideCharToMultiByte
ExitProcess
GetProcAddress
DeleteCriticalSection
lstrlenW
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
LoadResource
EnterCriticalSection
HeapAlloc
GetLocaleInfoA

clusapi

CloseCluster

user32

CharNextA
EndPaint
SetDlgItemTextA
PtInRect
ReleaseDC
UnregisterClassA
SetWindowRgn
GetActiveWindow
SetWindowLongA
GetKeyState
DestroyWindow
EqualRect
DefWindowProcA
LoadAcceleratorsA
GetWindowRect
OffsetRect
GetDC
MoveWindow
BeginPaint
SetFocus
IntersectRect
GetDlgItem
SetParent

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ