d46fe94e058c87c8adff34de26eb2ab9_JaffaCakes118 | Triage

Sharing

General

Target

d46fe94e058c87c8adff34de26eb2ab9_JaffaCakes118
Size

635KB
MD5

d46fe94e058c87c8adff34de26eb2ab9
SHA1

9279cd463abe349db21d17e0dbf4bd2b8d5f1106
SHA256

5fa96e681bbc0fb72cca9df764b61a21c19dc7540293b1adf72897abf1440a46
SHA512

9a50dc3f346056cce5af0dd467467aeb9a60be1dbe9be283a57503aa377470ee0425734c97a2e48941fde5ae297cad00287004fba9fa049b138d1cd970461328
SSDEEP

12288:jOvCOEcPj63RuYyEzXRYDunC0Ax5ME2uraXH1mjOdZgKegyX+hi/Q/jAu0UfRHG0:qOSay+BU865aurawzFgY+h1R0Kp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d46fe94e058c87c8adff34de26eb2ab9_JaffaCakes118

Files

d46fe94e058c87c8adff34de26eb2ab9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5183b11226c4e21d4f97d57e7ec5a3a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
RaiseException
FindFirstFileExA
FindClose
EnterCriticalSection
GlobalFree
GetLastError
LoadLibraryExA
GetStdHandle
SetErrorMode
HeapCreate
ReleaseMutex
RemoveDirectoryA
GetACP
Sleep
GetSystemDirectoryA
SetEvent
GetLocaleInfoA
GetCommandLineA
VirtualProtect
ResetEvent

user32

GetFocus
ReleaseDC
BeginPaint
DrawTextA
GetParent
FrameRect
GetCursorPos
EndPaint
FlashWindowEx
wsprintfA
ValidateRgn
GetClassNameA
GetWindow
SetActiveWindow
ShowWindow
FillRect
SetForegroundWindow
GetWindowTextA
IsIconic

dnsapi

DnsStatusString
DnsApiFree
DnsFree
DnsIsStatusRcode
DnsApiAlloc

clbcatq

CoRegCleanup

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ