ad2a71c4224074bec0eda07f37a6a0c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad2a71c4224074bec0eda07f37a6a0c2_JaffaCakes118
Size

241KB
MD5

ad2a71c4224074bec0eda07f37a6a0c2
SHA1

a6a7792ef52723711a4f64f0607881b0634d6b26
SHA256

c23b22b0ebab87fb2874b990d17785d99af808300dc6610f46a3e5f7059e4863
SHA512

8426e1b6cc808d740c93361966b51d7050ee640377ccbed25b6387db56480a8a1b43d8df4ffcb1835edff16a273a5d5e8904735194ee667985b93d3b8c8f7007
SSDEEP

6144:ymX8cOQHmxVDprCwBrfazfsRj8LZsxbzSNmbofyL11s:HX8jQGxjLwkRj8FsxbzSNqo6LY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad2a71c4224074bec0eda07f37a6a0c2_JaffaCakes118

Files

ad2a71c4224074bec0eda07f37a6a0c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3c96a9eb09b75a8b2714a2230137473

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetCurrentProcess
IsDBCSLeadByte
FreeLibrary
TlsFree
lstrcatA
GetCurrentProcessId
GetLogicalDrives
GetUserDefaultLangID
GetSystemDefaultLCID
GetDriveTypeW
GetACP
GetCurrentThreadId
TlsGetValue
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetModuleHandleW
TlsAlloc
VirtualAlloc
TlsSetValue

user32

GetWindowDC
BeginPaint
GetWindowTextA
IsWindowVisible
ShowWindow
UpdateWindow
GetWindowLongA
GetClassLongA
ReleaseDC
GetWindow
GetForegroundWindow
GetWindowTextLengthA
GetActiveWindow
GetDC
GetSystemMetrics
CreateWindowExA
GetFocus
IsIconic
RegisterClassA

shell32

StrCmpNA
StrRChrIA
StrChrIA
StrCmpNIA
StrRChrA
StrChrA

msctf

DllCanUnloadNow
TF_GetThreadFlags
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ