cff1ad2ba8e44ca63eeba61d6d42ddff_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cff1ad2ba8e44ca63eeba61d6d42ddff_JaffaCakes118
Size

56KB
MD5

cff1ad2ba8e44ca63eeba61d6d42ddff
SHA1

d1b4f779d4342f4f08e369671bb4e6efd65f307b
SHA256

8631574a201fc3d69bd72b1e80bcda290ed7db8b16cb795e97da4968d0f55364
SHA512

205ff1935303aab44f8f4c75f71e8d6e7a47034ba7ac06d0e9a543ca14f594ee1cc2b1a20410500747f713c0eb7495dd573759214131ce82bf5b8ddfec5788ee
SSDEEP

768:rTU5ejjMpaWk6INgm+gRxHZNium27XqGMhlBq2JOA0TzSjMwDCl3:XUePWAgSHZEuYBJ90XSYwDC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cff1ad2ba8e44ca63eeba61d6d42ddff_JaffaCakes118

Files

cff1ad2ba8e44ca63eeba61d6d42ddff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a3dbdd9c02307800bd20cbc953bb94a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
ReadProcessMemory
ResetEvent
GetCurrentProcessId
InterlockedIncrement
CreateFileW
lstrlenW
GlobalAddAtomW
GlobalDeleteAtom
SuspendThread
LoadLibraryA
LockResource
WritePrivateProfileStringW
GetCurrentThreadId
VirtualFree
WaitForSingleObject
DeleteFileW
CreateProcessW
FindNextChangeNotification
SetLastError
GlobalFree
MultiByteToWideChar
FindFirstChangeNotificationW
GlobalLock
GlobalAlloc
FindResourceW
GetLocalTime
ResumeThread
GetProcAddress
FreeLibrary
SetEvent
SetWaitableTimer

gdi32

CreateDCW
DeleteDC
CreateFontIndirectW
GetStockObject
GetMapMode
CreateRoundRectRgn
Rectangle
CreateBitmap
GetClipBox
SetMapMode
CreateCompatibleDC

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE