fb708798506c47867d26a6dbe0a3da63_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb708798506c47867d26a6dbe0a3da63_JaffaCakes118
Size

97KB
MD5

fb708798506c47867d26a6dbe0a3da63
SHA1

3deffbac469b90c462c90ea051b414f9e47aa101
SHA256

38f4adb672aac7efee6ec474318cb866958128403adb31384bda5b8a99960675
SHA512

2ecd302c91c44c0297c11ae3b0bcd27d716cedbfb10d1f6c727c2ffd194c0c5c72c6a06496676d9236184fa365ddd39ebeea401673c5cdf771815b66b21f949a
SSDEEP

1536:FRtVjcf7u6iR3m3CBoxTSPNjtNo9gSNN8vSLXY4SCLhw6gEKGdPA6gnRw6t:FPVjjtWmPNjtNo9+v4JSIhwUA6gnRp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb708798506c47867d26a6dbe0a3da63_JaffaCakes118

Files

fb708798506c47867d26a6dbe0a3da63_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94e42e692d5d547b484ea5f2a5e87da3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetOEMCP
GetWindowsDirectoryA
GetCurrentProcessId
GetVersion
GetCurrentThread
RemoveDirectoryA
GetCurrentThreadId
VirtualAlloc
lstrcmpA
GetCurrentProcess
MulDiv
GlobalFindAtomA
VirtualFree

user32

CharNextA
ShowWindow
DispatchMessageA
GetDesktopWindow
TranslateMessage

gdi32

SetTextAlign
SetStretchBltMode
DeleteObject
DeleteDC
CreateCompatibleDC
GetStockObject

glu32

gluTessCallback

comctl32

InitCommonControls

Sections

.text
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Hrdnj. B
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ