d573834f6395c2ed4906a54f9cc2c381_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d573834f6395c2ed4906a54f9cc2c381_JaffaCakes118
Size

448KB
MD5

d573834f6395c2ed4906a54f9cc2c381
SHA1

e1fe34f5eaa272e3d4e6635bda029d7dd97f24dc
SHA256

a5e29f0ae0518b0f2cdad58822e71f2a1f91a564a3040e8f3074deebcaa73bfa
SHA512

e4a67584f38c6e227f4521d4a16608f4aa5b88deb9984998a7a91a0f091e19ca3c7499097635758634c39fb65687f95f7297645482badafc1804ccd382d8ae6e
SSDEEP

6144:cO0VwBRjG6bAG7o5jo0FKoVDmWVTSumSOeOI1+BiA4w4JsaYEasGHytD46vb:cOuekq03EaTJOeOI4iAP4JsaCnylvb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d573834f6395c2ed4906a54f9cc2c381_JaffaCakes118

Files

d573834f6395c2ed4906a54f9cc2c381_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9d63a3e05e9f4cb9fd86fe3531d94fa1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GlobalUnlock
LoadLibraryExA
CloseHandle
GlobalDeleteAtom
SetConsoleCP
FoldStringA
VirtualProtect
SetErrorMode
GlobalFree
GetDriveTypeA
EnterCriticalSection
GetLocaleInfoA
LockResource
GlobalAddAtomA
GetLastError
Sleep
GetStdHandle
GetACP
HeapCreate
RaiseException

user32

GetFocus
EndPaint
IsIconic
GetWindow
DrawTextA
GetParent
ShowWindow
GetClassNameA
BeginPaint
SetForegroundWindow
ClipCursor
DrawEdge
ValidateRect
GetWindowTextA
GetCursorPos
GetActiveWindow
GetMenuItemInfoA
ReleaseDC
CharToOemBuffA

version

VerInstallFileA
GetFileVersionInfoSizeA
VerQueryValueA
VerFindFileA
GetFileVersionInfoA

rasadhlp

WSAttemptAutodialName

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ