f995cb600e51ecb60b017a9ce4f3cbf2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f995cb600e51ecb60b017a9ce4f3cbf2_JaffaCakes118
Size

241KB
MD5

f995cb600e51ecb60b017a9ce4f3cbf2
SHA1

9dcbca96b1f052f1629ec70d9b99756819a96771
SHA256

c89e01217a4fc0d6ca1b81a45471d6b27c033b315fff9de4e9501045d15066aa
SHA512

71c739fa26833b53520ca1b6580bda4512a4d9e4560877a6ca443f51974bd7a349e5efba301f4675e715aeb21871511b5ff78a72808e3ac5b798b9ef8d6f9712
SSDEEP

6144:4QcUMbOf2fMQULZ/JXgHzJr2EiEBCJR4D:4qMbGBZLqFiKCJRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f995cb600e51ecb60b017a9ce4f3cbf2_JaffaCakes118

Files

f995cb600e51ecb60b017a9ce4f3cbf2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e40b231e46a9ec710525c917048b6504

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalHandle
VirtualAlloc
TlsGetValue
GetProcessHeap
GetUserDefaultLangID
ReleaseMutex
TlsFree
GetModuleHandleA
GetVolumeInformationA
GetPriorityClass
GetOEMCP
GetStdHandle
CompareStringA
OpenSemaphoreA
LocalAlloc
GlobalFindAtomA
GlobalLock
GlobalFree
LoadResource
CreateThread
GlobalFlags

user32

DrawEdge
GetClassNameA
GetClassInfoExA
ReleaseDC
BeginPaint
GetFocus
ShowWindow
RegisterClassA
GetWindow
GetActiveWindow
EndPaint
CloseWindow
GetWindowTextLengthA
IsIconic
GetDC
GetWindowTextA
GetForegroundWindow
GetParent
ValidateRect

shell32

SHGetFileInfoA
SHGetMalloc
SHBrowseForFolderA
SHChangeNotify
SHGetFolderPathA

userenv

GetGPOListA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ