c8d33f94b55426606c94601738010ced_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8d33f94b55426606c94601738010ced_JaffaCakes118
Size

150KB
MD5

c8d33f94b55426606c94601738010ced
SHA1

fed1472e6653f8dfe8bc950d61d0c48dbfc792a9
SHA256

e9eea2711ee876c3de975424e8119550bfe9a135367f97f0d2030d8f83c53a87
SHA512

1163c70a3ce00d06d0c2358e14096a0e2c5e60ccd22f0d790f98c15a7a64ab769e643daba067a2228bc4b6ae20744d03e35d87ddac7f74c291383ea18003ba1c
SSDEEP

3072:pWY9tFQDgfig3/s05lmRWu23SdND79MitjnNHZ5E4XmmOr:pX9YDgfigPrmRWu23SdZd1nFMEmmOr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d33f94b55426606c94601738010ced_JaffaCakes118

Files

c8d33f94b55426606c94601738010ced_JaffaCakes118
.exe windows:5 windows x86 arch:x86

29c0911d04b67eb838b85261f82a4dd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathGetCharTypeA

kernel32

SetThreadPriorityBoost
DeactivateActCtx
ResetEvent
CreateIoCompletionPort
DebugBreak
SetStdHandle
GetSystemDefaultLCID
GetConsoleWindow
IsValidCodePage
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessPriorityBoost
GetUserDefaultLocaleName
GetVersion

gdi32

GetPixel
GetCurrentObject

winscard

SCardCancel

user32

EmptyClipboard
GetParent
CharPrevExA
NotifyWinEvent
DestroyMenu
MoveWindow
GetMessageTime
IsMenu

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ