fa689b4f646c5c6920990591560711c6_JaffaCakes118 | Triage

Sharing

General

Target

fa689b4f646c5c6920990591560711c6_JaffaCakes118
Size

416KB
MD5

fa689b4f646c5c6920990591560711c6
SHA1

38490915c1d6b713cb969d7c308e4a92c25f40a8
SHA256

468763146dfa65a260ec5ccbccd148d4bd72b4acb4dd4f75e28cd8a2eb34493b
SHA512

c711d21e2df8d22e3f79dc7175d26ab96a8ab96eba3c14281fa14be4c121fd424db327e588857a3cc2ed51ae5e45a56936ff2025c865cf97e5e0dfb68d700ece
SSDEEP

6144:CE6b2I7dBJY+l8EAnddMJfnDnDYiktjAg2SDj2uqLUITtjtz:J6qIprYLsr0iktjrpDSFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa689b4f646c5c6920990591560711c6_JaffaCakes118

Files

fa689b4f646c5c6920990591560711c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc1ed443733d5696535901ab05b62aae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetStdHandle
GetCommandLineA
GetFileAttributesExA
GlobalAddAtomA
InterlockedExchange
Sleep
EnterCriticalSection
GetLocaleInfoA
LoadLibraryExA
GlobalAddAtomA
LockResource
GetLogicalDrives
VirtualProtect
GetLastError
GetACP
CloseHandle
RaiseException
HeapCreate
SetErrorMode
GlobalFree

user32

GetWindowTextA
GetClassNameA
FillRect
IsIconic
SetForegroundWindow
GetActiveWindow
GetCursorPos
ValidateRect
GetParent
ShowWindow
BeginPaint
GetWindow
GetFocus
FlashWindowEx
wsprintfA
ReleaseDC
FrameRect
DrawTextA
EndPaint

httpapi

HttpCreateHttpHandle
HttpTerminate
HttpAddUrl
HttpInitialize
HttpAddFragmentToCache

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ