d190ae5d210b077eafe59d2711912780_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d190ae5d210b077eafe59d2711912780_JaffaCakes118
Size

159KB
MD5

d190ae5d210b077eafe59d2711912780
SHA1

6a57e14e4b27cce427e9e0570451e699aefb1356
SHA256

af4d55a43dc987a801df91adba5979ecfa674c2b7f5029c84406a59825b28180
SHA512

01e345b1672c0c440eae185483822ea30d51fb40cb459b78d03bd22231a68b90490ef7969e32572ebf2e4c69ffae80f4b76571b59e41ff2431165eab803021b0
SSDEEP

3072:tAyT8WOJT3VPpFx+NTKgvJsM2slGSX4aDc44bvkd9pvmU25FqFEOdaOxQ:RTsb5pFx+RKWl5VUb8zpp25FqFEOdaOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d190ae5d210b077eafe59d2711912780_JaffaCakes118

Files

d190ae5d210b077eafe59d2711912780_JaffaCakes118
.exe windows:31221 windows x86 arch:x86

c489e60ed48338a2c450460c50b4687f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges

kernel32

LoadLibraryA
VirtualAlloc
GetCommandLineA
LocalAlloc
QueryPerformanceCounter
SetUnhandledExceptionFilter
lstrcmpiW
GetModuleHandleW
GetCommandLineA
WaitForSingleObject
VirtualFree
GetCurrentProcessId
MultiByteToWideChar
GetModuleFileNameA
ExitProcess
QueryPerformanceCounter
GetCommandLineA
GetCurrentProcessId
GetCurrentProcessId
GetModuleHandleA
GetACP

gdi32

SetTextColor
GetObjectW
CreateCompatibleBitmap

user32

GetWindowRect
SendMessageW
GetMessageW
GetDC
ReleaseDC
GetWindowRect
PostMessageW
CreateWindowExW
SetCapture
GetMessageW
SendMessageW
GetSystemMetrics
DestroyWindow
DestroyWindow
DefWindowProcW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ