fa0692acadaaeb6787a728900b2b2fd2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa0692acadaaeb6787a728900b2b2fd2_JaffaCakes118
Size

151KB
MD5

fa0692acadaaeb6787a728900b2b2fd2
SHA1

8ef20b0b9b1c7e1726bc90c8771786d928302183
SHA256

3e9e67aa80efba3735393e1a6581d15290d70a92e37f0ef4f57c1be3b889f7ea
SHA512

4dbbcf7823b1c01dc8dc6a696bcf2be06166957f30cc206e477b1f3eb95e8201e2373a7b46694b4d1280ed230594bdd07a53e80d3d0b64524b0023f07dbec652
SSDEEP

3072:Voiwo812BFQkf9DgzN6fQbXem0RvtXy3IkdZ+gKc+6pB:f8ABS49MzN6WOB72PKt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa0692acadaaeb6787a728900b2b2fd2_JaffaCakes118

Files

fa0692acadaaeb6787a728900b2b2fd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99631b552790ec2dd171c8c147c9eeed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualAlloc
RemoveDirectoryA
DeleteFileW
VirtualFree
GetCurrentProcess
lstrcmpiW
GlobalFindAtomW
GetOEMCP

gdi32

CreatePalette
LineTo
SetMapMode
RectVisible
SetBkMode
GetTextMetricsA
SetStretchBltMode
GetStockObject

user32

CharNextA
GetDesktopWindow
GetDC
GetParent
TranslateMessage

glu32

gluTessCallback

comctl32

InitCommonControls

Sections

.text
Size: 1024B - Virtual size: 877B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Lmtmtcaa
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ