c1912a2f5772a93e3103846a4acc578d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1912a2f5772a93e3103846a4acc578d_JaffaCakes118
Size

449KB
MD5

c1912a2f5772a93e3103846a4acc578d
SHA1

694948c3556d8f5d181ea67de5804ff14168768c
SHA256

67a6f9ac0968448c0a5caf84df5ef1b9afa1d1f2cc4343297bbde17fb3367d5e
SHA512

8970fb4fa9e1533d3160664470a24aa3acce11f47c4386ba76431ff3537461445b8abf362e827c4a6d4035e877f2a3e86961248bc5ddbce78e651bb795affe92
SSDEEP

12288:WTjt68fR+379KyIpB1sDmhWx7PrrSxqcKXNafA2gSJZs:CHWZChWxTrrqtKXWLgSJZs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1912a2f5772a93e3103846a4acc578d_JaffaCakes118

Files

c1912a2f5772a93e3103846a4acc578d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b65dd8137b93cd2409f89fff2a02a9ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitAtomTable
HeapCreate
SetConsoleCP
SetErrorMode
GetACP
EnterCriticalSection
GetTimeFormatA
SizeofResource
GetLastError
lstrcpyA
GetStdHandle
LoadLibraryExA
VirtualProtect
CloseHandle
GlobalDeleteAtom
GlobalFree
GetPriorityClass
LockResource
GlobalAddAtomA
RaiseException
GlobalUnlock

user32

GetClassNameA
AnyPopup
IsIconic
GetParent
EndPaint
GetDC
BeginPaint
ValidateRect
GetFocus
DrawEdge
GetActiveWindow
GetClassInfoExA
GetWindowTextA
GetForegroundWindow
GetWindow
ShowWindow
GetWindowTextLengthA
CloseWindow
ReleaseDC

mprapi

MprAdminUserOpen
MprAdminUserWrite
MprAdminUserClose
MprAdminUserRead
MprAdminUserGetInfo

mapi32

MAPILogonEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ