fb7e433879506fbe6754c00d8eba96f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb7e433879506fbe6754c00d8eba96f3_JaffaCakes118
Size

130KB
MD5

fb7e433879506fbe6754c00d8eba96f3
SHA1

df731713e0cb7d9b9e2e52cd5f770a13d64697f8
SHA256

5fcab6fe87de704533ae5b553ee70098611515ea2d09a1cbe39dab896f9f8095
SHA512

ecad7616cdc967057b39b6441eb84d16022ed59870aa1c57a2a6520901ddb715204b0f636f5a74b8e0493145ecf7b430768a45c234943d252b6d69110f3bb9d3
SSDEEP

3072:N78F3vWLFTT0X663XtKA2xE2+n9SXwO5Kr:WKFTT0XptK7OMXwO5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb7e433879506fbe6754c00d8eba96f3_JaffaCakes118

Files

fb7e433879506fbe6754c00d8eba96f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bee63ed69f67e1a032677095b1e14b09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
sprintf
memset
atol
swprintf
wcstol

user32

TranslateMDISysAccel
UnhookWindowsHookEx
UnregisterClassA
GetMenu
TranslateMessage
GetCursor
GetWindowTextLengthA
GetDesktopWindow

gdi32

SelectObject
RestoreDC

kernel32

GetStringTypeA
GetStringTypeW
LocalAlloc
VirtualAllocEx
GetSystemDefaultLangID
GetCommandLineA
LoadLibraryA

Exports

Exports

Pu5r5CZb@4
dvlO5kUMGZw@12
_q_WfN
_DHFqtPEyM0
_v51Cxwx
OyM_uK@12
_YhAgPVsU@4
atdIXZp
_Y2qq7V21r
pb0BhlmNc9p
WZt2Uvk0FOD9j@8
_4jrwIY23@4
_ZwNJBDE@20
eHQU8w2IVwa7Wo@8
_nAIkrK6nb8XA0@8
nOX9i0_kZeXyDW@20
zMSttSN
x36qLnLyB@12
mAz_a4bervTAZ

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ