c26cc5095927a09234736fcbcb316fe5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c26cc5095927a09234736fcbcb316fe5_JaffaCakes118
Size

242KB
MD5

c26cc5095927a09234736fcbcb316fe5
SHA1

ec3ec925d73120c1d55a0c8f991d6b03d9667c12
SHA256

4897c8a0600c5a1f90d44b1e77135854a4b7fabeabe8a1adfaeab4553a2d5a22
SHA512

7ec9a01d1454c7eb083218692daa4ff9c128ca7df3e98696f1ab97b93d42fbe9dff523c38eb591f7836c729fa82408ae6c902e49ee9856250791917f9169e49e
SSDEEP

6144:C8nunPuGRppmMxomdvtf17FLYnzOy0FHChI7dZ:C8ipQM/dvtxOnCLChI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c26cc5095927a09234736fcbcb316fe5_JaffaCakes118

Files

c26cc5095927a09234736fcbcb316fe5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e9121dd6d3cf61e9a1bb0b8c59826534

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
lstrcatA
GetModuleFileNameA
TlsSetValue
GetACP
GetCurrentProcessId
FreeLibrary
GetDriveTypeW
GetSystemDefaultLangID
GetCurrentThreadId
GetLogicalDrives
TlsGetValue
GetModuleHandleW
TlsFree
GetCurrentProcess
lstrcmpA
IsDBCSLeadByte
GetSystemDefaultLCID
VirtualAlloc
GetCommandLineA
GetCurrentThread

user32

GetActiveWindow
BeginPaint
GetClassLongA
IsIconic
GetWindowLongA
GetSystemMetrics
IsWindowVisible
GetWindowTextA
CreateWindowExA
GetWindowTextLengthA
GetWindowDC
GetForegroundWindow
GetDC
UpdateWindow
GetWindow
ReleaseDC
RegisterClassA
ShowWindow
GetFocus

gdi32

GetObjectA
SelectObject
DeleteObject
SetTextColor
SetBkMode
GetStockObject

clbcatq

SetSetupOpen
DowngradeAPL
ComPlusMigrate
SetSetupSave

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ