Sample
f017152f80e1882fa18dab985f916a0b_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: f017152f80e1882fa18dab985f916a0b_JaffaCakes118
Size: 891KB
MD5: f017152f80e1882fa18dab985f916a0b
SHA1: 6a4b5b7f91c657be2ee4ec0b262e0345c5d2559b
SHA256: f787f5d49419c8526164d2efab0c6c1a12a750cab9bdc6ccb7ae53811b3c2720
SHA512: 97b965d295f2045b7d435c2b778d0313dfeda4a339d1adff044fbfe6734bde6f0315b8ff73f9dc6ad3a325d2b40af240fa76d6bbb0ab2f897a2cbee65c96e836
SSDEEP: 12288:TLAw0c4DutBQwKXiXiK1A0dG508RAimIma5VDAVRAdFmEx9GlGmu4f7byetYrI+q:TLWaZWiXn1A0c0MmAG6dAkQ8eBYr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f017152f80e1882fa18dab985f916a0b_JaffaCakes118
Files
f017152f80e1882fa18dab985f916a0b_JaffaCakes118.exe windows:5 windows x86 arch:x86
7cf3265791ac6a39583b4ef92bd8b2a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strncpy
atoi
malloc
free
_ftol
strncmp
kernel32
LCMapStringA
IsBadReadPtr
HeapFree
HeapReAlloc
GetModuleHandleA
RtlMoveMemory
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
lstrlenA
RtlFillMemory
lstrcpynA
GetCurrentProcess
WriteProcessMemory
GetProcessHeap
ExitProcess
HeapAlloc
GetModuleFileNameA
user32
SendMessageA
LoadImageA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
CreateWindowExA
PostQuitMessage
DefWindowProcA
MessageBoxA
wsprintfA
LoadCursorA
LoadIconA
DispatchMessageA
RegisterClassExA
gdi32
GetStockObject
shlwapi
StrToIntExA
ntdll
RtlCompareMemory
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 869KB - Virtual size: 869KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE