f5a8f7925f542bc40fe7810aa34f488f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5a8f7925f542bc40fe7810aa34f488f_JaffaCakes118
Size

636KB
MD5

f5a8f7925f542bc40fe7810aa34f488f
SHA1

99956ef150009546ae9ee0ceb0f2a33b6187cb3c
SHA256

3956e2875237ed33d23c362b27ec6ff3c2b5e7fa64e62fecb10e24ebc6ca4d0e
SHA512

71a7031facd8599673276f58fb8fd75d4b198b9e188b8fe0db54eab72a47c0a6878df63ff8c4c08ae47d913cb49ae4798b57a4e205b2fe7ea3d2170ae56dc82a
SSDEEP

12288:YeFCcWetVnPy63WqPjKaskE8xgZDeGZaLd3ZOjL8m0bfdAi1W/Lu6if4QQqMv07X:YeFCMtVa63WqPjKash8ginFZO/8bbf+Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5a8f7925f542bc40fe7810aa34f488f_JaffaCakes118

Files

f5a8f7925f542bc40fe7810aa34f488f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2089f5fa161c6e080ee2bb095960ea87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualProtect
GetACP
FlushFileBuffers
GetCurrentProcessId
GetCurrentThread
GetTimeFormatA
GetEnvironmentStringsA
GetModuleHandleA
HeapCreate
FormatMessageA
HeapDestroy
WriteConsoleA
IsDebuggerPresent
GetThreadPriority
GetExpandedNameA
InterlockedExchange
GetStdHandle
DeleteAtom
OpenSemaphoreA
GetCurrentProcess

user32

GetDlgItem
EndPaint
GetParent
ShowWindow
ReleaseDC
FrameRect
IsIconic
GetClassNameA
GetFocus
DrawTextA
GetWindow
BeginPaint
ValidateRgn
wsprintfA
FillRect
SetActiveWindow
GetWindowTextLengthA
GetCursorPos
SetForegroundWindow

linkinfo

GetCanonicalPathInfoA
ResolveLinkInfoA
DestroyLinkInfo
IsValidLinkInfo
GetLinkInfoData

version

GetFileVersionInfoA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ