db52b3c063cd7d6c33a8519aba26bceb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db52b3c063cd7d6c33a8519aba26bceb_JaffaCakes118
Size

21KB
MD5

db52b3c063cd7d6c33a8519aba26bceb
SHA1

2ceb1545636ebc08618f176de00b762992b51993
SHA256

e110471b59a0a8ea0c0d0fb8d1bb60ae6e70c59ad770857a6a6595e0d3c62935
SHA512

94e3ad1ab03f3f6ad7f14e4b4259469eff31982e91adccb7b410060cba75879f611c7e93eec49594fc21c4f49e89f82f5c32aa2110c6ed231bd7a9fdef9612b5
SSDEEP

384:8Qk5HezSePsL51e7bP7iBAUf7KvGeUr8lRWEyCAxvt00J3D:Qhe0LbOytf72jjyC+3D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db52b3c063cd7d6c33a8519aba26bceb_JaffaCakes118

Files

db52b3c063cd7d6c33a8519aba26bceb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e993d141f5bd1cc5d8954af93debce10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA

kernel32

SetUnhandledExceptionFilter
Sleep
CloseHandle
ExitProcess
LocalFree
GetLastError
CreateFileA
VirtualAlloc
GetModuleHandleA
GetCurrentProcess
TerminateProcess
lstrcmpiA
UnhandledExceptionFilter
DuplicateHandle
FormatMessageA
ReadFile
IsDebuggerPresent

user32

wsprintfA
MessageBoxA
KillTimer
SetTimer
FillRect
GetDlgItem
ReleaseDC
GetSysColor
GetDC
GetParent
GetWindow
ScreenToClient

gdi32

DeleteDC
SetTextColor
SelectObject
GetDeviceCaps
SetBkColor
DeleteObject

ole32

CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantChangeType
VariantClear
VariantCopy
VarUI4FromStr
VariantInit

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ