d08c99680c39b203dbd8d56444dc1bf2_JaffaCakes118 | Triage

Sharing

General

Target

d08c99680c39b203dbd8d56444dc1bf2_JaffaCakes118
Size

316KB
MD5

d08c99680c39b203dbd8d56444dc1bf2
SHA1

85fdebc1ee8522910e2f69da740d177417a2f3ca
SHA256

4832eb3519ae1800a33f4b682c6d3b621a98ada0e92d137deac44348552fd8dd
SHA512

9dd3e877d30e593ec64993be227a31b0fcbddcfe3ca98b79d7cb9dc70b19ae8a456fd438ef0a5e4e00718e68438c3bf800da7c54efc2b8eb8092c6e2bca0b4d4
SSDEEP

6144:l8BmLHC9+7SxhjmqsfGCIUZXiwRlDzgnJOGHhZ9al5YgvysriJOh:l6h5mf3I2iwDzgn3Y5h6sriJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d08c99680c39b203dbd8d56444dc1bf2_JaffaCakes118

Files

d08c99680c39b203dbd8d56444dc1bf2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

797f93e996db52d2c6f8a2dcabb64386

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FindFirstFileA
GetCommandLineA
ResetEvent
GetStdHandle
RaiseException
GlobalFree
SetErrorMode
GetLastError
VirtualProtect
LoadLibraryExA
EnterCriticalSection
Sleep
GetLogicalDrives
ReleaseMutex
SetEvent
GetSystemDirectoryA
HeapCreate
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetCursorPos
FrameRect
FlashWindowEx
GetActiveWindow
ValidateRect
GetFocus
BeginPaint
FillRect
ReleaseDC
wsprintfA
IsIconic
GetParent
GetWindowTextA
GetWindow
EndPaint
SetForegroundWindow
GetClassNameA
DrawTextA
ShowWindow

httpapi

HttpInitialize
HttpAddFragmentToCache
HttpCreateHttpHandle
HttpTerminate
HttpAddUrl

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ