f50a625b1842ae64c6608b037fbfdb07_JaffaCakes118 | Triage

Sharing

General

Target

f50a625b1842ae64c6608b037fbfdb07_JaffaCakes118
Size

9KB
MD5

f50a625b1842ae64c6608b037fbfdb07
SHA1

27dd9fe5d63f31cf7b1cf5f7c5a6a685a9979797
SHA256

20bab9f09fe2d8339d2a7521f8ede4ec356914d5cd26d5f2150ad6b91e4f794b
SHA512

9d0fc60cc47d114958ee2a2a32718e73f5ca42602e672e11af3387dac8ca9f343e9c09fa46f6d10b395d270f96bcf944b6b390599abc45ae43c29fcf66413f93
SSDEEP

192:jQIJQy7eBWyoVHNYCTLI9aGQbucjnpbS4iE9vutejB4G7W6:ZX8boRNYzaGQbL1bS49v94G7W6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f50a625b1842ae64c6608b037fbfdb07_JaffaCakes118

Files

f50a625b1842ae64c6608b037fbfdb07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7435117312eaf6adf38e91c7a12f20c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
lstrcpyA
GetProcAddress
GetThreadPriority
GetACP
GetTickCount
GetCurrentThread
CloseHandle
FindFirstFileA
CancelIo
CreateProcessA
lstrcatA
GetStartupInfoA
MoveFileExA
WriteFile
CreateFileA
GetCurrentProcessId
GetTempFileNameA
FreeLibrary
LoadLibraryA
CreateDirectoryA
Sleep
lstrcmpiA
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
GetSystemDirectoryA
GetModuleFileNameA
GetTempPathA
GetShortPathNameA
GetLastError
CreateMutexA
GetCurrentThreadId
lstrcpynA
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA
ExitProcess

user32

GetTopWindow
GetActiveWindow
SetActiveWindow
wsprintfA
GetCapture

gdi32

GetBkMode
GetBkColor
CancelDC
GetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE