bb9b017cf780be24677518f04e1d99ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb9b017cf780be24677518f04e1d99ad_JaffaCakes118
Size

134KB
MD5

bb9b017cf780be24677518f04e1d99ad
SHA1

0af666eaf2ce75bec9dac8f64c82368cea6b636c
SHA256

152b689c5ec61505b2341d86d5935a4c32bf296c0154ceb3af10564098018951
SHA512

8627363ae7ca4952e242225a5a20e67c31fba8c76ddc7532cb0f095bebe3f6fd112a25417f15104b8a0c188dfb68c1ae3f25c9dfbbe5f515ecda88f97ca604b9
SSDEEP

3072:EE3vWVlDqxTUjtCcLZcp+3YypsedBNaKtveZW5+iQz:EevYlDqfcLxdDNaKRCz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb9b017cf780be24677518f04e1d99ad_JaffaCakes118

Files

bb9b017cf780be24677518f04e1d99ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3cd9b53825ccbe9a1e442223424c220

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
ExitProcess
GetFullPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
IsBadReadPtr
IsDebuggerPresent
LoadLibraryA
SetEvent
VirtualAlloc
VirtualFree
lstrcmpiA

user32

GetCursorPos
GetForegroundWindow
GetSysColor
KillTimer
LoadBitmapA
RegisterClassA
ScreenToClient
SetWindowLongA
SetWindowTextA
ShowWindow
TranslateMessage

gdi32

BitBlt
CreateBrushIndirect
GetDCOrgEx
GetEnhMetaFileHeader
GetSystemPaletteEntries
RestoreDC
SetViewportOrgEx

shell32

ExtractIconW
SHBrowseForFolder
SHChangeNotify
SHCreateDirectoryExW
SHGetMalloc
ShellExecuteExA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE