Static task: static1
Behavioral task: behavioral1
Sample: ac7f47f734064303910ce2013048d37f_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: ac7f47f734064303910ce2013048d37f_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ac7f47f734064303910ce2013048d37f_JaffaCakes118
Size: 112KB
MD5: ac7f47f734064303910ce2013048d37f
SHA1: c19e2238c946deacdda16ed6437228bf97b62487
SHA256: d5f7322df2c5f0eaced5efe55c53f411c16515586495989550e2618a5d56862c
SHA512: de91caa4820515ba9d83473f315e68264f4af3e0b6db57edc9d0e579c5d310a294ed43ca032de86b53e5fd3c95b0863245806aee70c3fa9d2f97eabf27bf38a2
SSDEEP: 3072:f6zd5ARqxfIZBTFR6E1Yj5ybHjgm6m24dMOJIX:g5A4CBJ13ro6uOJi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ac7f47f734064303910ce2013048d37f_JaffaCakes118
Files
ac7f47f734064303910ce2013048d37f_JaffaCakes118.exe windows:8 windows x86 arch:x86
51175c49e527026727a807acf90c9f7d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SleepEx
LocalAlloc
GetCommandLineA
LocalFree
LocalAlloc
MultiByteToWideChar
GetProcessHeap
GetModuleHandleA
SetEvent
GetACP
GetModuleHandleA
GetCurrentProcessId
SetEvent
gdi32
CreateCompatibleDC
MoveToEx
DeleteDC
BitBlt
DeleteDC
DeleteDC
GetStockObject
DeleteObject
user32
SendMessageW
LockWindowStation
LoadIconW
SetTimer
SendMessageW
GetSystemMetrics
DefWindowProcW
ntdll
NtAllocateVirtualMemory
Sections
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ