d2a7da64723a85e6b313f6cb80fc66b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2a7da64723a85e6b313f6cb80fc66b1_JaffaCakes118
Size

313KB
MD5

d2a7da64723a85e6b313f6cb80fc66b1
SHA1

516133638c21e9f0d1cb3c1d2e842d7d1979e5c5
SHA256

0ac8842773ad716948328034f1fd12c5afd22ebbfec867d39f22d35d115e7613
SHA512

85094972778e78e43abb7963668bbabaad88f650a67ee1b03263eadd83200695ac54b27e41972dc1908c8e8ec5d1fc3063bacf692a5196a20a8b7c1c98e8fece
SSDEEP

6144:dY2odMjmSyNTGUap5sYhRwiUXlJidFJVR0P8zP8qWFATBgmySvH1:dmdM61PaDsePUPGvn8FUgr+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2a7da64723a85e6b313f6cb80fc66b1_JaffaCakes118

Files

d2a7da64723a85e6b313f6cb80fc66b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d6f292eee47be97276be3985e5483164

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
LoadResource
GetCommState
GlobalLock
GetOEMCP
SetCommBreak
GlobalAddAtomA
RaiseException
GetProfileStringA
LocalSize
GetStdHandle
LoadLibraryExA
ExitThread
DeleteAtom
lstrcpyn
GlobalCompact
EnterCriticalSection
GlobalFindAtomA
GlobalFree
GetProcessHeap
CloseHandle

user32

GetFocus
IsIconic
DrawEdge
AlignRects
GetParent
BeginPaint
GetWindowTextLengthA
GetWindowTextA
CloseWindow
GetClassInfoExA
GetDC
ValidateRect
GetForegroundWindow
GetWindow
EndPaint
GetActiveWindow
ReleaseDC
ShowWindow
GetClassNameA

wsock32

WSACleanup
WSAAsyncGetServByPort
WSAStartup
WSAGetLastError
WSASetBlockingHook

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ