Static task
static1
Behavioral task
behavioral1
Sample
f6254b414ef7591289bfc4668a6598fb_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f6254b414ef7591289bfc4668a6598fb_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
f6254b414ef7591289bfc4668a6598fb_JaffaCakes118
-
Size
147KB
-
MD5
f6254b414ef7591289bfc4668a6598fb
-
SHA1
0282a14071a8962c13a897a9646d2a024312d59f
-
SHA256
91677e8c2d233a2cab7072dd8e184dabd4048b78436b5e70260550154833125b
-
SHA512
3bc8d835f1b771857d7c965c82b70a75579f0d354d08887830dcc6a70a14aed3924af95fd5560bae429b1d26cb4c07e305dc92677f92db5f99e50e0031a8e6ab
-
SSDEEP
3072:afsoqGFwnf7N2m40PhqeUdPmsMOnNWFHiGpsUx+wyi9nSb:oiNt4oUdPtMSqHi7uFNSb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check for a missing Authenticode signature: the PE file listed below is unsigned.
resource f6254b414ef7591289bfc4668a6598fb_JaffaCakes118
Files
-
f6254b414ef7591289bfc4668a6598fb_JaffaCakes118.exe windows:4 windows x86 arch:x86
4f811268407b28e941b847b7f1ce7390
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
TranslateMessage
CharUpperW
KillTimer
GetAncestor
GetDC
CharNextW
GetMessageW
wsprintfW
SetTimer
PostThreadMessageW
DispatchMessageW
UnregisterClassA
winspool.drv
DocumentPropertiesW
kernel32
lstrcpynW
lstrcmpiW
GetACP
MultiByteToWideChar
FindClose
CheckRemoteDebuggerPresent
DeleteCriticalSection
GetLastError
EnumResourceTypesW
LockResource
GetTickCount
lstrcpyW
OutputDebugStringW
GlobalFree
lstrlenW
GlobalAlloc
lstrcpyA
InitializeCriticalSection
GetCPInfo
WideCharToMultiByte
GetModuleHandleW
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.isete Size: 1024B - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ