f9abed530b2ec8b5ace9572680b11022_JaffaCakes118 | Triage

Sharing

General

Target

f9abed530b2ec8b5ace9572680b11022_JaffaCakes118
Size

317KB
MD5

f9abed530b2ec8b5ace9572680b11022
SHA1

01601d452e3f03701885be76e6e798dcd958ee27
SHA256

43e60281a52db02fbcc5e48ce9bdc592b8abe811ca17a99e6e378f58fdc7ad40
SHA512

464669b62730c5a9c390932505ae039731928cfc3f6a93330f63a7f6fa539417c325a745c3d2af58899215a45d51201851b3caf79650333755689861f0ff8740
SSDEEP

6144:tgqUeC/4nXA13lwjbjHMGcnr6hDLCF1bzzFD5BrOSMInBOwUsD1N:tggnX5Hrlcnr6hDLstzzYSMaBOwUsRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9abed530b2ec8b5ace9572680b11022_JaffaCakes118

Files

f9abed530b2ec8b5ace9572680b11022_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4752714e66a87efef9fa4be7dad0f44f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
WriteProfileStringA
GetStdHandle
EnterCriticalSection
lstrcpyA
IsBadCodePtr
GlobalUnlock
FreeConsole
LocalFree
SetConsolePalette
GetOEMCP
DeleteAtom
RaiseException
LoadLibraryExA
GetLastError
LoadResource
GlobalFree
VirtualProtect
GlobalAddAtomA
HeapCreate
CloseHandle

user32

BeginPaint
IsIconic
CloseWindow
DrawEdge
GetWindowTextLengthA
GetWindow
EndPaint
GetClassInfoExA
ShowWindow
GetClassNameA
AlignRects
GetDC
GetWindowTextA
GetForegroundWindow
ValidateRect
GetParent
GetActiveWindow
GetFocus
ReleaseDC

mprapi

MprAdminUserWrite
MprAdminUserRead
MprAdminUserGetInfo
MprAdminUserClose
MprAdminUserOpen

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ