db3c1d4479249b99dfebf948cead679f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db3c1d4479249b99dfebf948cead679f_JaffaCakes118
Size

166KB
MD5

db3c1d4479249b99dfebf948cead679f
SHA1

62e4e7d71c751c82218dc01df34e9fecf56f9acf
SHA256

43e496e3e3c565c7b0813db975dd459dc9f301ac45b02b655b079706fdf79d55
SHA512

fc216e9a936c5d769fafe8037b32c31a7e23f0a9e44328f58404584ee6e622af59be0de347a68f2c2b60d653695cd0a5a3b6f86f361787576fa6fa1aa42ac3ce
SSDEEP

3072:YK6aeuZ9coocVqjtVR8xRJTz5lYGTyUz2hUY+hkNWIGhA02lF:neWjYjtngRJBlmI2hUPGsIaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db3c1d4479249b99dfebf948cead679f_JaffaCakes118

Files

db3c1d4479249b99dfebf948cead679f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b641cd5b190bc8e3145d541189efdf4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

GetCapture
ExcludeUpdateRgn
InvalidateRgn
UpdateWindow
IsWindow
RealGetWindowClassA
ReleaseCapture
ValidateRect
DestroyWindow
SetCapture
FlashWindow
ValidateRgn
EnableWindow
IsWindowEnabled
GetUpdateRgn

kernel32

FindResourceW
ConvertFiberToThread
CompareStringA
SystemTimeToFileTime
SetEnvironmentVariableW
FindClose
GetStringTypeW
GetOEMCP
LocalFileTimeToFileTime
LocalAlloc
SetThreadIdealProcessor
GetShortPathNameW
FindFirstFileW
LCMapStringW
LoadResource
FindNextFileW
EnumResourceNamesW
SetErrorMode
GetSystemDirectoryW
RegisterWaitForSingleObject
FileTimeToSystemTime
GetCurrentProcess
SetCurrentDirectoryW
LocalFree
IsBadReadPtr
GetLocalTime
FileTimeToLocalFileTime
FreeLibrary
SearchPathW

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imul
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ