c8dda877e919852daabfe41ec9f60408_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8dda877e919852daabfe41ec9f60408_JaffaCakes118
Size

111KB
MD5

c8dda877e919852daabfe41ec9f60408
SHA1

649b23c5082061271567d0d2dd93e212fcaa0709
SHA256

abc16de53c8eca1bc996e1098afc219929041c2ad2a80f73a0c00a909c01359d
SHA512

a678e491e84cee8547f4ac7358c853d88247038af395296f4bbf9f3b6c2bc317c778581ce7627d116639b26c5ae9edcdd79ac357156553ef2d4eb6c5b5e4043f
SSDEEP

3072:ct4YXpXATZcdNgrh2fmDXIpPOuACaQy/m/9+hx:e1wVaW4mDZ5CUm/whx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8dda877e919852daabfe41ec9f60408_JaffaCakes118

Files

c8dda877e919852daabfe41ec9f60408_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eb811e86bb2b81876c6277cf5974fa2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetEnvironmentStrings
VirtualAllocEx
VirtualQuery
IsValidLocale
CloseHandle
FileTimeToLocalFileTime
GetFullPathNameA
ExitThread
GetLocaleInfoA
Sleep
InitializeCriticalSection
GetThreadPriority
GetModuleHandleA
ExitProcess
MultiByteToWideChar
InterlockedDecrement

ntdll

ZwQueryPerformanceCounter
RtlGetLastWin32Error
ZwQueryKey
ZwCreateEvent
NtCreateTimer
ZwQueryInformationProcess
ZwClose
ZwQueryPortInformationProcess
ZwQueryIoCompletion

user32

MessageBoxA
RegisterClipboardFormatA
GetClientRect
SetCaretPos
BeginPaint
ScreenToClient
SetActiveWindow
ReleaseDC
GetMenuItemInfoA

gdi32

SetBrushOrgEx
CreateRectRgn

shell32

SHBrowseForFolderA

comctl32

ImageList_DragLeave

clbcatq

ComPlusMigrate
GetSimpleTableDispenser
ServerGetApplicationType
UpdateFromAppChange

ole32

OleInitialize
DoDragDrop

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ