b0bdbc3267269a475986646deba7b292_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0bdbc3267269a475986646deba7b292_JaffaCakes118
Size

131KB
MD5

b0bdbc3267269a475986646deba7b292
SHA1

b96c2ebc71c0acb716884a734b10ef7f74de5d70
SHA256

823de987ff861bb03fbb53bb9c745c44206ca210c950ed9b5eeacf8e66b1f8ba
SHA512

316bbd0f1b3b230dc4a588382a8e71fad138d182eb8aa93aee476aff2873a607fc77374870c168607710e836292a26ca1d27843cbc4319b6bbfd7682a0e61e6a
SSDEEP

3072:cTwiw84wtMR/VizGvJgzPS/jyIYyRoHU4bKJe8SzX5:cTg84wiBeGePS/TroHLKJMzJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0bdbc3267269a475986646deba7b292_JaffaCakes118

Files

b0bdbc3267269a475986646deba7b292_JaffaCakes118
.exe windows:4 windows x86 arch:x86

64e5955d9345e6e12596d1d46b8aed83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
GetModuleHandleA
CreateFileA
IsBadStringPtrA
HeapCreate
GetStartupInfoA
SuspendThread
IsDebuggerPresent
TlsGetValue
ResumeThread
CancelIo
GetModuleFileNameA
DeviceIoControl
DeleteFileA
GetDriveTypeA
GetACP
PulseEvent
lstrlenA
TlsAlloc
ReleaseMutex

user32

DrawTextW
IsWindow
DestroyMenu
GetWindowLongA
PeekMessageA
DestroyWindow
DispatchMessageA
IsZoomed
CallWindowProcW
DispatchMessageA
FindWindowW
LoadImageA
GetIconInfo

amstream

DllRegisterServer
DllRegisterServer
DllRegisterServer
DllRegisterServer

cryptui

LocalEnroll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 863KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ