cfe5010261160dd3168e5dd5c3f066d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfe5010261160dd3168e5dd5c3f066d9_JaffaCakes118
Size

28KB
MD5

cfe5010261160dd3168e5dd5c3f066d9
SHA1

a53139ffcda83548910a2bec34a4364b1a17c6ab
SHA256

c7ba5352d9b91fcf9f5b26bee2ac7a0edb178347e2c8919a31d27149a16c6f3e
SHA512

6e352638555b7f3426fc2e063f7c7b5afd8b55f17cd9bcd38169d45b1008c057efd0bb97c799d4a03986ebec353f2705a5730e42d6911c3da54a3ceaf6778fff
SSDEEP

384:XeAHMwwIeGIkWZLMWajzvbgmTpLbpmReQGztC/kqYc:OMMAvIkW1rajJFLYeQG5EkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfe5010261160dd3168e5dd5c3f066d9_JaffaCakes118

Files

cfe5010261160dd3168e5dd5c3f066d9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec36c798e2a996d61a5e7f8419543c96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
LocalAlloc
lstrcpyn
lstrlen
MultiByteToWideChar
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte

user32

GetWindowDC
IsWindow
KillTimer
LoadCursorA
LoadIconA
LoadStringA
MessageBoxA
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
ReleaseCapture
ReleaseDC
SendMessageA
SetCursor
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA

gdi32

CombineRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetPixel
GetStockObject
MoveToEx
Rectangle
RestoreDC
SaveDC
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetPixel
SetStretchBltMode
SetTextColor
SetWindowOrgEx
StretchBlt
TextOutA

shell32

ShellExecuteA
SHGetPathFromIDList

Sections

CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

CRT
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE