beeb5cec71d54e36aaf5ca48583b0228_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beeb5cec71d54e36aaf5ca48583b0228_JaffaCakes118
Size

317KB
MD5

beeb5cec71d54e36aaf5ca48583b0228
SHA1

08f89e3cb46ac23cf342b87debd8f1d21320933b
SHA256

c849e3a1900accc6694fda3c58fb40496e3b2d9da97f65ba60ef7e12c0b18b00
SHA512

87a16e38628a542ca8b6b0acd30e6face45417e5e2a68168a9e4ae9502bd4e4a677929d6dc006359cfcdb4ee4a61617e2e8c109a6778c153f58ef20975e8a8c1
SSDEEP

6144:y9vERPh5qe7/JFB7XYdjSYGioU8DmiUtH:ymRP2e7/JFTD1UtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beeb5cec71d54e36aaf5ca48583b0228_JaffaCakes118

Files

beeb5cec71d54e36aaf5ca48583b0228_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d0d8df1905a5dc2b70a6a4e234e81db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
SetConsolePalette
VirtualAlloc
GetStdHandle
GlobalAddAtomA
LoadLibraryExA
RaiseException
GetLastError
lstrcat
WriteProfileStringA
GetOEMCP
GlobalAddAtomA
GlobalUnlock
SetCommBreak
DeleteAtom
GlobalFree
LoadResource
IsBadCodePtr
EnterCriticalSection
HeapCreate

user32

ReleaseDC
GetClassInfoExA
CloseWindow
BeginPaint
GetActiveWindow
GetForegroundWindow
ShowWindow
GetFocus
GetParent
GetClassNameA
GetWindowTextA
IsIconic
GetWindowTextLengthA
ValidateRect
DrawEdge
AlignRects
EndPaint
GetWindow
GetDC

wsock32

WSACleanup
WSAGetLastError
WSASetBlockingHook
WSAStartup
WSAAsyncGetServByPort

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ