ef985ff3e3d0b773a602704331250ccc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef985ff3e3d0b773a602704331250ccc_JaffaCakes118
Size

415KB
MD5

ef985ff3e3d0b773a602704331250ccc
SHA1

37724b8fa81b4a08646e6be7d1970b944f79fd28
SHA256

29777478dbb5f530099b555caf5c20509a572d60e2def03c07d73fe16d4d6d2b
SHA512

d7539331c76a91201a998227b662a442fdb6118c501414cd57f384c0e9183848f73361480fea2bf196a87ed1f361654732ed360139a4f64dbcc1444146bb9bb1
SSDEEP

6144:16b2I7dBJY+l8EAnddMJfnDnDYiktjAg2SDj2uqLUITtjtz:16qIprYLsr0iktjrpDSFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef985ff3e3d0b773a602704331250ccc_JaffaCakes118

Files

ef985ff3e3d0b773a602704331250ccc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71d65059e857bf33c7b65cb1e535cf5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
Sleep
GetCommandLineA
CloseHandle
GetSystemDirectoryA
RaiseException
HeapCreate
LoadLibraryExA
EnterCriticalSection
GlobalAddAtomA
GetLogicalDrives
VirtualProtect
GetStdHandle
InterlockedExchange
GlobalFree
LockResource
SetErrorMode
GetLocaleInfoA
GetFileAttributesExA
GetLastError
GlobalAddAtomA

user32

EndPaint
GetClassNameA
FlashWindowEx
IsIconic
DrawTextA
FillRect
GetWindow
GetWindowTextA
BeginPaint
ShowWindow
FrameRect
GetActiveWindow
GetCursorPos
SetForegroundWindow
GetParent
ValidateRect
GetFocus
wsprintfA
ReleaseDC

httpapi

HttpTerminate
HttpAddUrl
HttpCreateHttpHandle
HttpAddFragmentToCache
HttpInitialize

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ