b503a5270a391c3698c9e9a8a7b5693b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b503a5270a391c3698c9e9a8a7b5693b_JaffaCakes118
Size

638KB
MD5

b503a5270a391c3698c9e9a8a7b5693b
SHA1

fba5eb5057b35a4444c301434b6353e500812a00
SHA256

0ce259bc1062a7f3c17f977d195f6af502e04dc25254da18ed0de8206e92180c
SHA512

83346c92a4abd9f624fd7988de409aa5f5c92122b569ddd75398deecb7dc268404533dba10ee0edadfffa1b8428d1ddb316337698a6812f63d33495133be6c90
SSDEEP

12288:/FzPLLB8Av2QvIYv+fHDH0GFBhoz1DZNQuwatXwvYuNh1HB9Qf2xwO:/FOa2Qv5vGz0iBhoBDZNQKIvOuxt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b503a5270a391c3698c9e9a8a7b5693b_JaffaCakes118

Files

b503a5270a391c3698c9e9a8a7b5693b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27c635b49b7a8fe2dc85a168d023823b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetProfileIntA
GetConsoleCP
GetSystemDefaultLangID
WaitForMultipleObjects
InterlockedExchange
AddAtomA
VirtualProtect
GetTickCount
GlobalUnlock
GetStdHandle
LoadLibraryA
HeapCreate
WaitForSingleObject
GetModuleHandleA
GetVersion
CompareFileTime
CloseHandle
TlsFree
HeapReAlloc
TlsGetValue

user32

UpdateWindow
GetKeyboardLayout
PaintDesktop
FindWindowA
DestroyMenu
CopyRect
GetKeyState
EnableScrollBar
ModifyMenuA
DialogBoxParamA
GetDlgItem
SubtractRect
GetWindowTextA
TranslateMessage
CreateCaret
InsertMenuA
GetMenuStringA
DispatchMessageA
CreateCursor
SetPropA
MessageBoxA
ShowWindow
EqualRect
PostMessageA
SetWindowPos

msi

MsiGetMode
MsiDoActionA
MsiCloseHandle
MsiEnumProductsA
MsiEnumClientsA

ws2_32

WSAAccept

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ