de6eb77b4a227efc8c79289eaba8f18d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de6eb77b4a227efc8c79289eaba8f18d_JaffaCakes118
Size

361KB
MD5

de6eb77b4a227efc8c79289eaba8f18d
SHA1

7a04aca0157ade72e70c9bf3e49667c75ba37bdb
SHA256

fc8ea54746b3a13db3f82f1af1bbb74d9324c67199ef7d8883162f4399eec7d2
SHA512

19a4c4b15656d04ea43f5703451963e3fe4b59bf882be58bb48594283177780e27f7e48f75b05f77426bb75eea619e06226d2fde53efca38898ec5b279a12184
SSDEEP

6144:iuWGFjwLeYty9eaKDn4j4veam2RU38YoRI1vkvY1LHVHgdib07mAPvh1mMw5gZFS:iDqjQAep48ekCruICvYwdc3APvjw8F6F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de6eb77b4a227efc8c79289eaba8f18d_JaffaCakes118

Files

de6eb77b4a227efc8c79289eaba8f18d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7321ffb4bda2b99b499149a8aab450ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
WaitForSingleObject
LoadLibraryExA
InterlockedExchange
IsDebuggerPresent
HeapDestroy
HeapCreate
GetUserDefaultLCID
GetSystemTime
GlobalMemoryStatus
GlobalSize
GetACP
GetCommandLineA
VirtualProtect
GetModuleHandleA
LockResource
ResumeThread
GetAtomNameA
GetConsoleCP
PeekConsoleInputA
lstrlenA

user32

GetClassNameA
EndPaint
GetDC
ReleaseDC
GetFocus
FrameRect
GetParent
FillRect
AnyPopup
DrawTextA
DragDetect
SetForegroundWindow
GetWindow
ShowWindow
CreateIcon
GetTitleBarInfo
BeginPaint
GetCursorPos
wsprintfA

ntshrui

DllCanUnloadNow
SetFolderPermissionsForSharing
DllGetClassObject
GetLocalPathFromNetResourceA
GetNetResourceFromLocalPathA

wshtcpip

WSHIoctl

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ