b295e43f640fe3672e1ec9a3159548f4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b295e43f640fe3672e1ec9a3159548f4_JaffaCakes118
Size

312KB
MD5

b295e43f640fe3672e1ec9a3159548f4
SHA1

d8798ea987e52a63cf9ae051c92f93af6021aa8b
SHA256

d5923b3f19ca79627b30c3e6b3b45e59d63e25753936b3b8e667994af9ab8a9b
SHA512

c67b726f7ffe8c325198f142b2f1ac31ae442a46b839eca2da59b60ceee6bb8880bb9a7d60052eadc5bf6bbb41e317099316e946023ab9e349a9c7b55021338d
SSDEEP

6144:ybn8YMs5a8nqK7eEvRoOY5Oka6Q2iH0699R2rF531xjk:4n8FK7eEvyOY8kb/c4p91K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b295e43f640fe3672e1ec9a3159548f4_JaffaCakes118

Files

b295e43f640fe3672e1ec9a3159548f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

763e6de376c8aef05cad4cfc6a6466c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
CompareStringA
GlobalFindAtomA
GetModuleHandleA
GetPriorityClass
VirtualAlloc
GetConsoleCP
TlsFree
CreateThread
ReleaseMutex
CreateMutexA
GetOEMCP
SetEvent
CreatePipe
IsDBCSLeadByte
GetExitCodeThread
GetProcessHeap
GetThreadLocale
GetUserDefaultLangID
GetStdHandle
TlsGetValue

user32

GetWindow
ShowWindow
IsWindowVisible
GetDC
CloseWindow
GetSystemMetrics
GetWindowTextLengthA
GetFocus
IsIconic
GetClassInfoExA
GetClassNameA
ReleaseDC
ReleaseDC
InvalidateRect
ValidateRect
RegisterClassA
GetWindowTextA
GetForegroundWindow
GetActiveWindow

shell32

SHCreateShellItem
SHGetFolderPathA
SHGetFileInfoA
SHBrowseForFolderA
SHChangeNotify

ntdsapi

DsBindA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ