bd740797ff1416131944f290b384a03e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd740797ff1416131944f290b384a03e_JaffaCakes118
Size

312KB
MD5

bd740797ff1416131944f290b384a03e
SHA1

e07453fb0be378cd9275d79b393908574da182b9
SHA256

25706ccc09a1189da0266d224055ec243564df8803889c8196f2c51159b7f62e
SHA512

e8633c39cbf2ba44438a6e7709e9fe66d033d0ed392ad4fc2b580e8802b3e9904a15911daeb21609402f926a46f7a3be0c8c293e986c118457beb03447db45f3
SSDEEP

6144:SrTuETVyp+zFTan/bdV+6A5iP2naGmzvXYu5aRCaMMQG:SWr+zUDvA5eYYvYiaPMY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd740797ff1416131944f290b384a03e_JaffaCakes118

Files

bd740797ff1416131944f290b384a03e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c2cc09cc356e1487b3234e106a0fba9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCompressedFileSizeA
FreeEnvironmentStringsA
VirtualProtect
FlushFileBuffers
GetCurrentThread
GetSystemDirectoryA
SetEvent
GetLocaleInfoA
RaiseException
ReadConsoleA
LoadLibraryExA
GetCurrentProcessId
GetCurrentProcess
InterlockedExchange
GetCommandLineA
GetStdHandle
HeapCreate
IsDebuggerPresent
GlobalFree
GetACP
OpenMutexA

user32

BeginPaint
GetDlgItem
IsIconic
GetClassNameA
GetCursorPos
GetWindowTextA
SetForegroundWindow
FrameRect
GetFocus
wsprintfA
DrawTextA
ShowWindow
ValidateRgn
ReleaseDC
GetParent
SetActiveWindow
FillRect
EndPaint
GetWindow

crypt32

CertCloseStore
CertCreateContext
CertFindAttribute
CertControlStore
CertDuplicateStore

apphelp

ApphelpCheckIME

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ