b892870631725369db7f255198522e49_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b892870631725369db7f255198522e49_JaffaCakes118
Size

156KB
MD5

b892870631725369db7f255198522e49
SHA1

a3de02438abf3fc961184379da64abad28a2bf02
SHA256

03dc9d2f51854aa11cf93ca6dda8dd46f92f927d47e093f746e89eb25056fbc6
SHA512

912f9d28a483f7c2f4960111faf317bb2073a4b386d1aa7f158e2380c163967c5ea0fd68a7e3e8f7d7cd4c8459d527b958948aa5a2e266cc01374e76e721c2ec
SSDEEP

3072:Z612XVqqVIAlGEInCOx7EVgeLCStSrsfp4ZdWh9NRI+JcMb8tyvl9RXECagIQCs7:I1MTGNiLCSSrc4ZdWh9tqit9WgFTDN1h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b892870631725369db7f255198522e49_JaffaCakes118

Files

b892870631725369db7f255198522e49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a95855ce0893f0d72d730cace5699b35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextColor
GetBkColor
GetMapMode
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetProcessHeap
FindFirstVolumeA
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess

oleaut32

LHashValOfNameSys
DispGetIDsOfNames
VarUI4FromDec
SysFreeString

Sections

.text
Size: 85KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ