c27d16aa3270e8389ee097bbf676353f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c27d16aa3270e8389ee097bbf676353f_JaffaCakes118
Size

76KB
MD5

c27d16aa3270e8389ee097bbf676353f
SHA1

49177ec53d56a3ba93d369aaec8975dcfea80526
SHA256

043bb7289f9c60f4e1d4ead8c789d152ae0c2369588943687978a172ff84ab78
SHA512

af72f1d8cff00e82f66fc2d972e26ca9223060d04fc9c392efd007504a8b1ecb016b7160cf3dd75e49a149782925cdc6ce6e3f812c251b417c7724ae992e990e
SSDEEP

1536:FvnDUG5VX6yf9g9/O0t73ed7GN5AfYqul497sjbytS0FMdu:FvnYG5kyf9g9/O0J3edyN5AARU7sjbyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c27d16aa3270e8389ee097bbf676353f_JaffaCakes118

Files

c27d16aa3270e8389ee097bbf676353f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9656d4c348dd7163742471b351495654

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
InterlockedExchangeAdd
InterlockedExchange
GetTickCount

user32

CreateWindowExA
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxA
GetActiveWindow
GetDlgItem
FindWindowA
DestroyWindow

gdi32

TextOutA
SetBitmapBits
SetGraphicsMode
GetObjectType
GetBkColor
CreateSolidBrush
ResizePalette
UpdateColors

Exports

Exports

?OEPC2@@YAHHPADHHH@Z
?OEPD3@@YAHHPADHHH@Z
?OEPK10@@YAHHPADHHH@Z
?OEPL11@@YAHHPADHHH@Z
?OEPM12@@YAHHPADHHH@Z

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ