Static task: static1
Behavioral task: behavioral1
Sample: ceda196ca0cb498c6c7b2aac47f50799_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ceda196ca0cb498c6c7b2aac47f50799_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ceda196ca0cb498c6c7b2aac47f50799_JaffaCakes118
Size: 169KB
MD5: ceda196ca0cb498c6c7b2aac47f50799
SHA1: 4e1c85ac1e32c6f92e90aaae428c66ccb2e0b599
SHA256: 0871e47ca95cd63cf04b91a54833bb9219b80375d0da25d9e2ed4c14425237b1
SHA512: 423179196d2adbcb36a8431db1c704643a7be7204613fb9e194cf83ba2819f46592d3114f60bc028821300ae9a37d72d0622a4d3435a05cec0d282ff73914b48
SSDEEP: 3072:PtbtG/qw1oTqh/y+/6Y73kOTZxkZLSnV4MHVul4da:PtVOZyEp73kO9xkFaV4Kuga
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: ceda196ca0cb498c6c7b2aac47f50799_JaffaCakes118
Files
ceda196ca0cb498c6c7b2aac47f50799_JaffaCakes118.exe windows:4 windows x86 arch:x86
def02a217b8d745a8ce1f3f7e6156d12
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetMessageW
wsprintfW
TranslateMessage
SetTimer
DispatchMessageW
GetAncestor
KillTimer
CharNextW
PostThreadMessageW
GetDC
CharUpperW
UnregisterClassA
kernel32
lstrcpynW
GetTickCount
GlobalFree
MultiByteToWideChar
lstrcpyW
CheckRemoteDebuggerPresent
WideCharToMultiByte
lstrlenW
lstrcpyA
EnumResourceTypesW
GetLastError
FindClose
GetACP
OutputDebugStringW
InitializeCriticalSection
LockResource
lstrcmpiW
DeleteCriticalSection
GlobalAlloc
GetCPInfo
GetModuleHandleW
winspool.drv
DocumentPropertiesW
Sections
.text Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.isete Size: 1024B - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ