f673d8f61a32ff0e550f6985b194dbbf_JaffaCakes118 | Triage

Sharing

General

Target

f673d8f61a32ff0e550f6985b194dbbf_JaffaCakes118
Size

13KB
MD5

f673d8f61a32ff0e550f6985b194dbbf
SHA1

8ef4857d0812f6f3eb5e76e0cd9cf11b9bb01d0a
SHA256

465e075688109b59ce08d12499751a6eff19cc825941e9d4dec9b792ae5220d5
SHA512

bfd42d69d68e57b6c1f2de69efb679bd99cb85191eb88889feee249b71bddebf6eff5e7bddb43b7f1d4196cd7753e14b1d3b624b8700b9fda3bd559eff9e21c7
SSDEEP

192:pYaCYE9JI67kB+9X9Hf5JMo14NVQMOpliZXloPKDN:pYaCDD19X9Hf52o6VQjHM1oPKD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f673d8f61a32ff0e550f6985b194dbbf_JaffaCakes118

Files

f673d8f61a32ff0e550f6985b194dbbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c4a0ba5350bba0f80b80c937eb70b07c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ContinueDebugEvent
CopyFileA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FreeLibrary
GetFileSize
GetModuleHandleA
GetProcAddress
GetTempPathA
GetVersion
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
ResumeThread
SetFilePointer
SetUnhandledExceptionFilter
SuspendThread
TerminateProcess
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
GetMessageA
MessageBoxA
RegisterClassA
TranslateMessage
wsprintfA

comdlg32

GetOpenFileNameA

imagehlp

ImageNtHeader
ImageRvaToSection
ImageRvaToVa

forcelibrary

TrapEntry
ForceLibraryDBG
PerformCleanup

msvcrt

__getmainargs

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE