af3da0843b40a7947da5fda9d409c3a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af3da0843b40a7947da5fda9d409c3a0_JaffaCakes118
Size

3KB
MD5

af3da0843b40a7947da5fda9d409c3a0
SHA1

5eb57921b46b4ed157cc58e14ef7062e129d8022
SHA256

5511a77a25223674d17eb448cc032e65bc24a4b191bdc273f44336b9aac2ae94
SHA512

e9d2cbe08e619c3a261a1a6613a023c062dd38cd3c40ddaf5d87005c3b9931fc37a22abd214e81ca61b08a10478d442bd0944d0883c9f4f17cbcd5f0ccc4f47b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af3da0843b40a7947da5fda9d409c3a0_JaffaCakes118

Files

af3da0843b40a7947da5fda9d409c3a0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb810b557389e8261ae04e4276a2c5c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
lstrcpyW
GetVersion
GetSystemTime
GetCurrentThread
LoadLibraryA
GetCurrentProcessId
GetProcessWorkingSetSize
GetCurrentProcess
DebugActiveProcess
SetProcessPriorityBoost
LoadLibraryW
CreateEventA
GetCurrentThreadId
VirtualAlloc
WaitForSingleObject
GetProcAddress
IsBadReadPtr
VirtualProtectEx
VirtualFree
GetModuleHandleA
Sleep
SystemTimeToFileTime
GetThreadTimes

user32

DestroyWindow
GetMenuItemCount
HideCaret
GetKeyboardLayout
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ