ac4bd1359b493a8ec118370398c39914_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac4bd1359b493a8ec118370398c39914_JaffaCakes118
Size

152KB
MD5

ac4bd1359b493a8ec118370398c39914
SHA1

1b94e69f16867da57b6d4ab9cd030f3402e6b2e7
SHA256

1df2015b68a43302d18ed74ce570d706055f549932c6496cc1bcfb4b66cfe1f6
SHA512

e829e4b03c129680605379eee58098b3de8145286af0193dbd96f32995d6bb30d1d9b01450dc9f711c68717a21e8adde88ede4a6402ba8c20f1a32dddd7d971b
SSDEEP

3072:kjwKaFfwQbi9hhg2faPLzj5PYFokcqqZIVz:0wKaFxbi9hhiFXZ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac4bd1359b493a8ec118370398c39914_JaffaCakes118

Files

ac4bd1359b493a8ec118370398c39914_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d61ca1d69117ad0412702d4b777197f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLCID
SwitchToThread
TlsSetValue
GetUserDefaultLCID
TlsFree
GetThreadLocale
GetOEMCP
VirtualAlloc
lstrcatA
GetModuleHandleW
GetFileAttributesW
AddAtomA
lstrcpyA
GetCurrentThreadId
GetCommandLineA
GetDriveTypeA
TlsGetValue
GetModuleFileNameA
DeleteFileA
IsDBCSLeadByte
FindFirstVolumeA

user32

CloseWindow
GetWindowTextA
ValidateRect
GetSystemMetrics
ReleaseDC
ShowWindow
GetClassInfoExA
GetDC
InvalidateRect
GetWindowDC
GetWindow
IsWindowVisible
GetForegroundWindow
IsIconic
GetFocus
GetActiveWindow
RegisterClassA
GetWindowTextLengthA
GetWindowLongA

psapi

GetWsChanges
EmptyWorkingSet
EnumPageFilesA
GetMappedFileNameA
GetModuleInformation
GetModuleBaseNameA

uxtheme

GetThemeInt
GetThemeBool
GetThemeFont
GetThemeColor

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ