f9823e6b48e0db8d6460549fbe52877f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9823e6b48e0db8d6460549fbe52877f_JaffaCakes118
Size

95KB
MD5

f9823e6b48e0db8d6460549fbe52877f
SHA1

84a9590e5f43dff81639eafa31df11844d308987
SHA256

195d2be8c9450f60aa6a8c23ec2f6f7912ef7c7750f375dbf2a71d2ce9cd2a30
SHA512

1347c144c28922051fcf6f31c36ee4dfb607de1c0c204da5230481cc756c8d0f11d6b83eb914e4ecfc869c7f1406c5b1ffe0053f4dcb3354dbf26fae28eebccf
SSDEEP

1536:6pWeOxL4pAUi740LVZiVnFYpbXHHbLeSlW/a7oxEs/LKIpYq5Xv7V5XLaSXY6Ve4:63OVoHi1LVQS7LeS/sxYmXv7VEiY6Vxv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9823e6b48e0db8d6460549fbe52877f_JaffaCakes118

Files

f9823e6b48e0db8d6460549fbe52877f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61cba9b97a2c3a5f8d30dae940ed00ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
GetCurrentProcess
WriteConsoleA
TlsGetValue
GetStartupInfoA
GetModuleHandleA
SetSystemPowerState
FindNextFileW
FindFirstFileW
RemoveDirectoryW
FindClose
GetCommandLineA

user32

DrawTextA
GetWindowLongA
GetDC
GetAsyncKeyState
GetClassNameW
EnumWindows
GetClassInfoExA
CharLowerBuffA
GetKeyNameTextW
IsDlgButtonChecked
DrawEdge
SetDlgItemTextA
DefWindowProcW
ReleaseDC
LoadBitmapA

gdi32

CreateFontA
PtVisible
GetPixel
CreateRectRgn
SelectClipRgn
CreateCompatibleDC

msvcrt

malloc
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
time
strncmp
memmove
strchr
atoi
wcslen
exit
realloc
free
_strlwr
_ftol
strcpy
memset
fopen
_exit
_XcptFilter

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ