d23b8339bd2475f9d1554f3a1a24cf10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d23b8339bd2475f9d1554f3a1a24cf10_JaffaCakes118
Size

417KB
MD5

d23b8339bd2475f9d1554f3a1a24cf10
SHA1

5134b3215d377b0972899c42c96f56c49c9205f8
SHA256

41fe9e1a4bc0a4b0172202532012d3beb3df21180adfee4f881b91c2d7617ef5
SHA512

b9bff8fcf59ba2ee5442096cb84bd4180a1b0315fccfb8a00700a645a35043bb2247deb9afdd8abbd4a41015b9fd4df9b53d4f9fd1c52ec2d850d18b1e810d86
SSDEEP

6144:TE4f5pjA6EstDkoCDuG6K4nY+zIZJz5GyCY6ootoA4t/T4RgU:tA6ESDkoUuBfqR50YPot3e/Tg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d23b8339bd2475f9d1554f3a1a24cf10_JaffaCakes118

Files

d23b8339bd2475f9d1554f3a1a24cf10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb057cba1e07aa2742f2326d62e95b17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileStringA
CloseHandle
GetProcessHeap
GetOEMCP
GetStdHandle
EnterCriticalSection
VirtualAlloc
LocalSize
DeleteAtom
GlobalAddAtomA
LoadResource
LoadLibraryExA
GlobalLock
GlobalCompact
SetCommBreak
RaiseException
GlobalFindAtomA
lstrcpyn
GetCommState
ExitThread
GlobalFree

user32

IsIconic
CloseWindow
GetForegroundWindow
GetWindowTextLengthA
ReleaseDC
BeginPaint
GetClassNameA
GetWindow
ShowWindow
ValidateRect
GetDC
GetActiveWindow
GetClassInfoExA
DrawEdge
GetFocus
GetWindowTextA
GetParent
EndPaint
AlignRects

wsock32

WSAGetLastError
WSAAsyncGetServByPort
WSAStartup
WSACleanup
WSASetBlockingHook

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ