f4fe999390268df550909a3a9b50d7d7_JaffaCakes118 | Triage

Sharing

General

Target

f4fe999390268df550909a3a9b50d7d7_JaffaCakes118
Size

638KB
MD5

f4fe999390268df550909a3a9b50d7d7
SHA1

d291ce8ddffb471bd1af3b7b6ec6a5a8128ba07f
SHA256

1e33abec80095828ee501fd674caefb71d7ca876222c2d71465b44236f8d8708
SHA512

01a9fc72a107444d71a4d6f253857165935f10a6f134df739b426cf83376e59ea10047494f6aa11677a4161989ff6925fd6ed501e5df618ce07f7c43ee743a4d
SSDEEP

12288:wc5GY0Y/I4u9asEhRdcpxFYctUzf138Gxv4vZiyC9V4xmu:IY054u9/EwxFYcq53FxyZDC4p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4fe999390268df550909a3a9b50d7d7_JaffaCakes118

Files

f4fe999390268df550909a3a9b50d7d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4800657e353e14483185290fc16ed22c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetStdHandle
LoadLibraryExA
SuspendThread
AddAtomA
GetVersion
WaitForMultipleObjects
CompareFileTime
GetCommandLineA
lstrlenA
GetProfileIntA
WaitForSingleObject
GetSystemDefaultLangID
GetTickCount
HeapCreate
VirtualProtect
InterlockedExchange
CloseHandle
GetModuleHandleA
GetConsoleCP
GlobalUnlock

user32

DialogBoxParamA
SetPropA
SubtractRect
GetKeyState
EqualRect
ModifyMenuA
GetWindowTextA
CreateCursor
GetKeyboardLayout
DestroyMenu
PostMessageA
InsertMenuA
EnableScrollBar
UpdateWindow
DispatchMessageA
GetDlgItem
FindWindowA
CopyRect
SetWindowPos
CreateCaret
ShowWindow
MessageBoxA
TranslateMessage
GetMenuStringA
PaintDesktop

atl

AtlModuleInit
AtlSetErrorInfo
AtlAdvise
AtlUnadvise
AtlGetVersion

dnsapi

DnsStatusString

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ