fa853d4f7cf7ce0ee37cc6e430bf76f4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa853d4f7cf7ce0ee37cc6e430bf76f4_JaffaCakes118
Size

157KB
MD5

fa853d4f7cf7ce0ee37cc6e430bf76f4
SHA1

4413d2de984259b96f1200c7a391a59790044696
SHA256

a3a9224ddf8c720aa10d72cfd5d34cf29fe40c864208728f2f798d239d0870cd
SHA512

654672bb6fe63cb8141478a6d2415170da6edc0c2427b053f86f7a782120d0b43b1a90fbfdef70259eb27fbbcae568cde2981ea0c823ccdd4c65e7b810257074
SSDEEP

3072:XxJcYgm0imtYgyUIVwhFK5RHXeK/wlDty6rjV+B02lfV6LZoobs:XncYgmQtVSVwTeHb/6DtlHVEHlfsC8s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa853d4f7cf7ce0ee37cc6e430bf76f4_JaffaCakes118

Files

fa853d4f7cf7ce0ee37cc6e430bf76f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c4a0ba5350bba0f80b80c937eb70b07c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ContinueDebugEvent
CopyFileA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FreeLibrary
GetFileSize
GetModuleHandleA
GetProcAddress
GetTempPathA
GetVersion
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
ResumeThread
SetFilePointer
SetUnhandledExceptionFilter
SuspendThread
TerminateProcess
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
GetMessageA
MessageBoxA
RegisterClassA
TranslateMessage
wsprintfA

comdlg32

GetOpenFileNameA

imagehlp

ImageNtHeader
ImageRvaToSection
ImageRvaToVa

forcelibrary

TrapEntry
ForceLibraryDBG
PerformCleanup

msvcrt

__getmainargs

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE