bf1328bfe337acdd7356f3b75a5cdd20_JaffaCakes118 | Triage

Sharing

General

Target

bf1328bfe337acdd7356f3b75a5cdd20_JaffaCakes118
Size

48KB
MD5

bf1328bfe337acdd7356f3b75a5cdd20
SHA1

b020603bbf560e4fb882458b4004914a45b23d6f
SHA256

1e9e557e0f8fbccf131ca0a4f78fd36b00bad943ee96725faa2b786576e30e1d
SHA512

6db4acb5ab19374d20ce6e3ffc7340e1c951ef3296633886250d8d6a25e85b242ef5748681b75f4d988fae169f76ae12f131a754e37d6f0fc15778f41d6a395d
SSDEEP

768:5vF6FrujGCRADyvU0Vhh0r1myMa7QnLh4JFRrRHdyNtULwa4YNvHGph3ZY8udI5N:CrdDNM0r11PGLh4n0nyNvHGTsIJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1328bfe337acdd7356f3b75a5cdd20_JaffaCakes118

Files

bf1328bfe337acdd7356f3b75a5cdd20_JaffaCakes118
.exe windows:1 windows x86 arch:x86

3b16ef3c3dc6e7010a038b6325f0a226

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
ExitProcess
LoadLibraryA
VirtualProtect
GetSystemTime
ExitProcess
lstrcatA
CloseHandle
GetModuleFileNameA

user32

MessageBoxA
SetCapture
ReleaseCapture

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE