Static task
static1
Behavioral task
behavioral1
Sample
b508d04d6e04c1b158c87e13925e31c0_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b508d04d6e04c1b158c87e13925e31c0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b508d04d6e04c1b158c87e13925e31c0_JaffaCakes118
Size
149KB
MD5
b508d04d6e04c1b158c87e13925e31c0
SHA1
450f2cc86df37362c42ef78e2956d8968e3337fe
SHA256
921d1b0f88138e0f5b2b57e5483effb431779c0aefbad629cff18eb7500196de
SHA512
1b8c10fcca2163878ea3a530e490399ceb944d3178c7e340e02a8eb7c21bae4fe38cca0da9db2a45a562c8e863a2b91743348da33dd6e7ba18bf3552fb5198fd
SSDEEP
3072:0aHAEeqRCSPq/mCZFWBGvMvAVMfb3CcDtuutfAQe3FAEY7llc15zYeuZsIWUx/DF:0GQqRCSPYWoEvkMDdUuBOAEKlc15zeb1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b508d04d6e04c1b158c87e13925e31c0_JaffaCakes118
Files
b508d04d6e04c1b158c87e13925e31c0_JaffaCakes118.exe windows:4 windows x86 arch:x86
5d2a6a028cfb0d3038cf8a3e3399af6d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
CharUpperW
KillTimer
GetDC
GetMessageW
DispatchMessageW
CharNextW
PostThreadMessageW
TranslateMessage
wsprintfW
SendMessageW
SetTimer
UnregisterClassA
winspool.drv
DocumentPropertiesW
kernel32
lstrcpyW
DeleteCriticalSection
lstrcpyW
LockResource
CheckRemoteDebuggerPresent
MultiByteToWideChar
GetCPInfo
FindClose
EnumResourceTypesW
GetACP
GlobalAlloc
GetTickCount
GetLastError
lstrcmpiW
lstrcpyA
OutputDebugStringW
InitializeCriticalSection
GlobalFree
WideCharToMultiByte
lstrlenW
GetModuleHandleW
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.isete Size: 1024B - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ