dcceba52a10d94c1ee13dce5a79523c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcceba52a10d94c1ee13dce5a79523c7_JaffaCakes118
Size

281KB
MD5

dcceba52a10d94c1ee13dce5a79523c7
SHA1

77f29fe67107a7caf8256f79fd4fa4bde76e2eda
SHA256

16f7188b425bd781f41c041b7f468f8f60aad722908fa4334128bfc075c37aa5
SHA512

a490b68c03dbd8c0105c9ab9441a9676e951c43f55f32b999d0802053abf0e5a202c92670848dc22c213cbc4c3cfb3331edbb7f09922ed9757d5b59109cfe470
SSDEEP

3072:RLqJovZTaHgZzucp3BtScb2MtwCEkPHvyj1rXQ+8ZH4Vg9Zp6KbxykC1zQpI:OoZaMjbtwCNSj1ruF1VyT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcceba52a10d94c1ee13dce5a79523c7_JaffaCakes118

Files

dcceba52a10d94c1ee13dce5a79523c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da38474254a42da2d4ee534df0388c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControls

kernel32

GetDriveTypeA
GetModuleHandleA
DeleteFileW
VirtualAlloc
GlobalFindAtomW
lstrcmpiW
GetCommandLineW
GetACP
lstrcmpiA
GetCurrentProcess
SetLastError
GetThreadLocale
CopyFileA
GetCurrentProcessId
RemoveDirectoryA
IsDebuggerPresent
lstrlenA
GetOEMCP
lstrlenW
GetModuleHandleW

user32

GetDesktopWindow
GetMessagePos
CharNextA
GetInputState

gdi32

SetViewportOrgEx
MoveToEx
UnrealizeObject
GetPaletteEntries
RestoreDC
LineTo
SetBkColor
GetStockObject
SetBkMode
SetWindowExtEx
GetDeviceCaps
EndPath
SetMapMode
SetBrushOrgEx

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE