ebf788fa239f2515dececc504b3f3976_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebf788fa239f2515dececc504b3f3976_JaffaCakes118
Size

280KB
MD5

ebf788fa239f2515dececc504b3f3976
SHA1

3e288a655363a2c3f1b70c716e049cb2b1db73b2
SHA256

736a0fb36103205c0bf562b993348832383ac98341ef93761c92d2484a18e8f0
SHA512

6b6d42bb7e36e45aa83d1daed84686b4c120d7749006e042bd804ff06b76cc216652f496b4e1e68afbbd50d0b903e0594f6186f014070ef4b41013708cdf1a5f
SSDEEP

6144:v9T7G2hWWPwbOlvdTnzb8eQXQXgtqLXIB+7dK9fqVPi9wr:v9u2QOllzzANXEJ7IB5qhiA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebf788fa239f2515dececc504b3f3976_JaffaCakes118

Files

ebf788fa239f2515dececc504b3f3976_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4033b8c43e7bf3bcbf4a8e3fe2be68d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
LockResource
SetEndOfFile
TerminateThread
FindFirstFileW
GetUserDefaultLangID
FindResourceW
CreateWaitableTimerW
MulDiv
SuspendThread
InterlockedDecrement
GlobalAlloc
FreeLibrary
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualFree
VirtualProtect
CreateThread
DuplicateHandle
FindResourceExW
GetCurrentProcess
CancelWaitableTimer
VirtualAlloc
lstrlenW
WaitForSingleObject
SetFilePointer
LoadResource
ExitProcess
lstrcpyW

user32

DestroyIcon
SetWindowPos
SendMessageW
wsprintfW
IsWindow
GetSysColor
GetWindowDC
GetWindowRect
DestroyMenu
MessageBoxW
IsDlgButtonChecked
GetMessageW
ReleaseCapture
RegisterHotKey
DrawTextW

gdi32

SetBkMode
GetMapMode
DPtoLP
SetDIBits
BitBlt
StretchBlt
CreatePen

advapi32

RegCloseKey
GetUserNameW
RegCreateKeyExW

ole32

CoInitializeEx
CoInitialize

oleaut32

OleLoadPicture

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE