Static task
static1
Behavioral task
behavioral1
Sample
dab2dd5e9568eb30964687c768947380_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
dab2dd5e9568eb30964687c768947380_JaffaCakes118
Size
200KB
MD5
dab2dd5e9568eb30964687c768947380
SHA1
6cbe4fa2ec712d70e372f77d0ee74fda93c40e9f
SHA256
deb00a8f436a0db76424d3cb9a52469744426dc90650c39303df1b8ecd7edcda
SHA512
8a685f148a88c4814d79ad11943096b714cc48f98b8d79fe80e652f13a07d11bf504a76c971e63455c3adb267ccedd19c5e0293cada3e7e77a1f59c248c76f9e
SSDEEP
6144:CRfRs9YaNn8g5v+n4SI53R6gkAlkO7rIeU:CRJNwv+nngkAlPrDU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dab2dd5e9568eb30964687c768947380_JaffaCakes118
Files
dab2dd5e9568eb30964687c768947380_JaffaCakes118.exe windows:4 windows x86 arch:x86
60fe8ad0039d68816ee0ea9e6da574e6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcessHeap
MoveFileA
PulseEvent
VirtualFree
LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetPriorityClass
GetModuleHandleA
VirtualLock
ResetEvent
FileTimeToSystemTime
VirtualAllocEx
HeapDestroy
GetLastError
LocalLock
IsBadCodePtr
ReleaseSemaphore
user32
IsZoomed
IsIconic
IsWindowVisible
LoadCursorA
GetWindow
FindWindowA
GetClientRect
GetDesktopWindow
GetDC
GetCursorPos
ReleaseDC
SetTimer
gdi32
CreateDIBPatternBrush
psapi
EnumProcessModules
msvfw32
DrawDibClose
DrawDibEnd
DrawDibOpen
DrawDibStart
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ