Static task: static1
Behavioral task: behavioral1
Sample: c18e4cbe95cbfab37355c0f9308d0343_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: c18e4cbe95cbfab37355c0f9308d0343_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c18e4cbe95cbfab37355c0f9308d0343_JaffaCakes118
Size: 32KB
MD5: c18e4cbe95cbfab37355c0f9308d0343
SHA1: d9d3ef89a48ba655c0d76690336540be103d3a76
SHA256: 13e039bd43bec8e3c4c248f10233a19eebc13b32352199aef5d6032ce6e991a3
SHA512: 73c7314f049ef161e4c24408e45c2baa742cb37ab28b05989db562ddf8c6946fe3f191afdbc3031f96e825f85bc67e71a95c7883a3a03f5d0de2238f3c3a0c36
SSDEEP: 384:GsyODwXJJFjCyb1BDT9u33DqscaB24tAswD+mBKDD1:Bc/FjCybvDJunDqXaBO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c18e4cbe95cbfab37355c0f9308d0343_JaffaCakes118
Files
c18e4cbe95cbfab37355c0f9308d0343_JaffaCakes118.exe windows:4 windows x86 arch:x86
b4e3588f2b22360df66c500c5834c840
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
OpenProcess
GetLastError
GetSystemInfo
DuplicateHandle
TerminateProcess
LocalAlloc
SetEnvironmentVariableA
LocalFree
SetErrorMode
GetWindowsDirectoryA
IsBadCodePtr
GetEnvironmentVariableA
ReadFile
CreateFileA
VirtualAlloc
GetModuleHandleA
ExitProcess
FormatMessageA
user32
wsprintfA
MessageBoxA
GetWindow
GetWindowRect
GetClientRect
ole32
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemRealloc
CoInitialize
CLSIDFromString
oleaut32
LoadTypeLi
LoadRegTypeLi
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 944B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ