d3960b4d48edb75629e19b414f750b99_JaffaCakes118 | Triage

Sharing

General

Target

d3960b4d48edb75629e19b414f750b99_JaffaCakes118
Size

119KB
MD5

d3960b4d48edb75629e19b414f750b99
SHA1

142d1c16d07ca6d741921c285f17423f32d280cf
SHA256

5c4dde72b156e72578ee3cc9047abc361b39bc0fed9551c2894cb98cecc2cfdd
SHA512

6ab41b061a0f4e3217ae4b63b1dcf594603acc6f886486a0bb29c156cef65243a5b0997ea9435dd581245f474daa7596c448762fce210cf309de53d78b1692d3
SSDEEP

1536:YWOdRHqO3uc16JZomyyY22bwIVzdTICC8OImIeeHFUcDGn71LfLZU0CceyH7atH:YpJqOd8XIVB+VI4dn51Up2HutH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3960b4d48edb75629e19b414f750b99_JaffaCakes118

Files

d3960b4d48edb75629e19b414f750b99_JaffaCakes118
.exe windows:5 windows x86 arch:x86

56d6b0a1f299d70a837fdef2047dc0e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetPropA
EndDialog
EnumDesktopsA
SetWindowPos
ValidateRect
IsCharAlphaNumericW
DialogBoxParamA
SetWindowTextA
OemKeyScan
GetActiveWindow

ole32

CoFreeLibrary
CoUnmarshalHresult
OleFlushClipboard

kernel32

GetCurrentProcessId
CopyFileW
CreateProcessW
SizeofResource
GetStartupInfoA
HeapDestroy
DeleteAtom
SetFileAttributesA
AddAtomW
LocalAlloc
LocalFree
InterlockedExchangeAdd
GetProcAddress
LoadLibraryExW
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
InitializeSListHead
HeapCreate

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ