d559e277b3567a7e02b96efca5c18972_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d559e277b3567a7e02b96efca5c18972_JaffaCakes118
Size

91KB
MD5

d559e277b3567a7e02b96efca5c18972
SHA1

85c0e42a7d34182d3a680a58f8b58563f8ac32eb
SHA256

10059b4264c3f24ca0e9a7160b90dc837efcd066c36137f40c2d4d71b4461a64
SHA512

d044390901c39bd75fce598d397171851c9568a5de0cc7425e6369743deb7433e44ae8445f848aa9eb0ca3d7fbffc62c2035e3f4902ce0374585140c7c2ee72e
SSDEEP

1536:Us6Xi7REKU+6SFSiFCBEQrNpqRcc+1m+Q+28suAe3AiV+CwtbJcTcQwVfhngkh:U5X4REB6NBYyRd+o+n9QCwpJcQZVgkh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d559e277b3567a7e02b96efca5c18972_JaffaCakes118

Files

d559e277b3567a7e02b96efca5c18972_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5725f60a518ade4b710d555c1fa75b40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
RemoveMenu
GetClassNameA
PtInRect
EndDeferWindowPos
WindowFromPoint
ReleaseCapture
GetWindowThreadProcessId

ole32

OleTranslateAccelerator
OleRegEnumVerbs
CoReleaseServerProcess
OleLoadFromStream
OleFlushClipboard
OleRegEnumFormatEtc
OleCreateLinkFromDataEx

kernel32

SetEvent
WaitForSingleObject
ExitThread
SetEnvironmentVariableA
EnumSystemLocalesA
TlsAlloc
ExitProcess
GetCommandLineW
GetUserDefaultLCID
SizeofResource
FindClose
GetFileAttributesA
VirtualQueryEx
TlsFree
GetCurrentThread
FindResourceA
GetProcessHeap

gdi32

SetTextAlign
Ellipse
GetTextMetricsA
EndDoc
BitBlt
CreateSolidBrush
GetObjectA
LineTo

msvcrt

fopen
_pctype
strncat
_XcptFilter
strchr
_exit
__p__commode

advapi32

LookupAccountNameA
RegQueryValueExA
GetSecurityInfo

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ