c16ab3d5e392d3051dfa2eb9e1664903_JaffaCakes118 | Triage

Sharing

General

Target

c16ab3d5e392d3051dfa2eb9e1664903_JaffaCakes118
Size

97KB
MD5

c16ab3d5e392d3051dfa2eb9e1664903
SHA1

6f911dbacfdecc053ef5b31d016f929a8d395e4e
SHA256

cfe50156bc3c46799c917e4b87e9191dc95821019c406a0b26e85f25d0dcdfc0
SHA512

28390c541804ccc295fe0ed30f3a94f15864ad7d1471739ad924a12bc7664ea720ab673baba58f18b98d66d7a9eb1e96e100e9b47b5334f45fd6f31f1ad6f5d5
SSDEEP

3072:m3TWBcevx7zSNdQM3KiXtxEwbFtxp0NKX2PzRca5:m3yDZzS5XtxE0X0NeB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c16ab3d5e392d3051dfa2eb9e1664903_JaffaCakes118

Files

c16ab3d5e392d3051dfa2eb9e1664903_JaffaCakes118
.exe windows:4 windows x86 arch:x86

931e700f4918a7359dbe947446b5946d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
GetPriorityClass
GetStdHandle
TlsGetValue
LocalAlloc
GetOEMCP
GetModuleHandleA
GetProcessHeap
LoadResource
CreateThread
GlobalFindAtomA
VirtualAlloc
GlobalLock
GetVolumeInformationA
GetUserDefaultLangID
OpenSemaphoreA
GlobalFree
GlobalFlags
TlsFree
LocalHandle
CompareStringA

user32

ValidateRect
ReleaseDC
IsIconic
CloseWindow
GetDC
GetParent
GetWindow
EndPaint
GetWindowTextA
DrawEdge
RegisterClassA
GetActiveWindow
GetClassInfoExA
BeginPaint
ShowWindow
GetClassNameA
GetForegroundWindow
GetFocus
GetWindowTextLengthA

shell32

SHGetFileInfoA
SHChangeNotify
SHGetFolderPathA
SHGetMalloc
SHBrowseForFolderA

userenv

GetGPOListA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ