f0b7e09ba8e403acb948d84dfdef4adc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0b7e09ba8e403acb948d84dfdef4adc_JaffaCakes118
Size

17KB
MD5

f0b7e09ba8e403acb948d84dfdef4adc
SHA1

4fb574b4a700db2a9bbd1a2ef67f5895fe8996c3
SHA256

78330c2b71c49ee2fd19b381ef6a6ab077f50f32fe49d417f96f13e92fc65a6b
SHA512

b72deaa5077ae6e1f67cac177ca35160c682e85b14075e424187fed46929685641425f703bbe0e422284defa3be2a03a18891fb38a6f739c0183b2914dbc310d
SSDEEP

384:OWPIhbN0gNVrInmF3Qsnz9J5RnstYclo0e:6N0gNVrDF35n517Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0b7e09ba8e403acb948d84dfdef4adc_JaffaCakes118

Files

f0b7e09ba8e403acb948d84dfdef4adc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50aff15360c3820c4a37c5cf3170aad7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetModuleHandleA
GetCommandLineA
InterlockedExchange
GetConsoleCP
SuspendThread
GetSystemDefaultLangID
CompareFileTime
CloseHandle
VirtualProtect
GetVersion
GetAtomNameA
HeapReAlloc
GlobalUnlock
GetStdHandle
WaitForSingleObject
LocalSize
LoadLibraryExA
HeapCreate
GetTickCount
WaitForMultipleObjects

gdi32

GetMetaRgn
GetRgnBox
AbortPath
EndPath
GetTextColor
CreateICA
EqualRgn
GetStringBitmapA
FloodFill
EngLineTo
Escape
GetMetaFileA
DeleteDC
BeginPath
CreateFontA
Ellipse
DeleteObject
GetFontData
CreatePalette

winmm

auxGetVolume
auxSetVolume
OpenDriver
PlaySoundA
CloseDriver

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ