ce82f1c4f48b4b92849b06f6353e4384_JaffaCakes118 | Triage

Sharing

General

Target

ce82f1c4f48b4b92849b06f6353e4384_JaffaCakes118
Size

317KB
MD5

ce82f1c4f48b4b92849b06f6353e4384
SHA1

112b0c066173030fa010c367484f7bb8a3a4ac5e
SHA256

14f4cc5ea5f85a752ad76eb57983d758671945300896200fa2160bd5592e26ce
SHA512

4948049126300ee61aec8529115bb1493d0b98c742e1a6ffe10b8a95bbf09f10ef579e76152539feba8eb7e0a97f299673fc98bc1edbcd57afde072f64f6a0ba
SSDEEP

6144:Gr2deC/4nXA13lwjbjHMGcnr6hDLCF1bzzFD5BrOSMInBOwUsD1N:GrHnX5Hrlcnr6hDLstzzYSMaBOwUsRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce82f1c4f48b4b92849b06f6353e4384_JaffaCakes118

Files

ce82f1c4f48b4b92849b06f6353e4384_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc7db5f53f8c801474b0a9375b3aa600

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetOEMCP
LoadLibraryExA
lstrcpyA
LoadResource
SetConsolePalette
CloseHandle
IsBadCodePtr
GlobalAddAtomA
GlobalFree
VirtualProtect
GetStdHandle
FreeConsole
HeapCreate
GlobalAddAtomA
EnterCriticalSection
RaiseException
DeleteAtom
GlobalUnlock
WriteProfileStringA
GetLastError

user32

GetForegroundWindow
GetWindowTextA
AlignRects
GetDC
GetWindow
GetClassInfoExA
ValidateRect
IsIconic
GetClassNameA
CloseWindow
DrawEdge
GetFocus
GetWindowTextLengthA
ShowWindow
GetParent
ReleaseDC
EndPaint
GetActiveWindow
BeginPaint

mprapi

MprAdminUserRead
MprAdminUserWrite
MprAdminUserGetInfo
MprAdminUserOpen
MprAdminUserClose

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ