b2134eb920da4a4da1ee10954594db83_JaffaCakes118 | Triage

Sharing

General

Target

b2134eb920da4a4da1ee10954594db83_JaffaCakes118
Size

636KB
MD5

b2134eb920da4a4da1ee10954594db83
SHA1

ee9ee5ab64aa82de0877f6dc5bcce66557d4d794
SHA256

18d217ab1c6a0ecf4bafc48381e41908df78e63d09e2ed7fd4a010145e96caed
SHA512

d57b59eae1076ea71ee3853d68c45fdca4023052f2efeebc155917bba3d8874141db18f2518e8a7dfdc5836588098ea5ef69269e56a65dbcd9afe91adb2333d8
SSDEEP

12288:fTqGBLl+LewWVZc6UtWHha81aSAt8KHdLzo1wljd0eDX6GvSJRuy:JLl+iwWVlUtWA8Y8K93o1wljd0E6USJn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2134eb920da4a4da1ee10954594db83_JaffaCakes118

Files

b2134eb920da4a4da1ee10954594db83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3b907eea7e7d855d589e7f4af5657cd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetUserDefaultLangID
HeapReAlloc
GetVersion
lstrlenA
CloseHandle
VirtualProtect
GlobalSize
GetAtomNameA
HeapCreate
ResumeThread
GlobalUnlock
GetTickCount
GetConsoleDisplayMode
InterlockedExchange
WaitForSingleObject
LoadLibraryExA
GetConsoleCP
GetModuleHandleA
CompareFileTime
GetCommandLineA

user32

FrameRect
GetTitleBarInfo
GetParent
wsprintfA
ReleaseDC
DragDetect
GetClassNameA
DrawTextA
CloseWindow
GetDC
EndPaint
ShowWindow
GetFocus
SetForegroundWindow
BeginPaint
GetWindow
FillRect
GetCursorPos
CreateIcon

rastapi

AddPorts
DeviceListen
DeviceDone
DeviceConnect
PortClose

quartz

DllGetClassObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ