fcf48302700f30c54ef8f090f14809f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcf48302700f30c54ef8f090f14809f9_JaffaCakes118
Size

41KB
MD5

fcf48302700f30c54ef8f090f14809f9
SHA1

0010e365f1d7b959a9941e034e745072d74e9f95
SHA256

789b5ac0f2b42ce0b113347146a53b3f601ab9dff35cf6101145e92091c2d033
SHA512

baa0876810571615316db63e458a37183bb8eafe75face40c74e69d013ff8354d77fff7d35204783bd8973264ce0883779255c1acf16a8ae568be482386ad0b9
SSDEEP

768:ItBaFZVSSgTq0LXfrHiAJboLwMaqkLm1XVzChQLUicfdj7sw:ItwZ3iq0LXjHiW8LpW++OLIBX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcf48302700f30c54ef8f090f14809f9_JaffaCakes118

Files

fcf48302700f30c54ef8f090f14809f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c602d56daa9ed387a166acf9dacb9f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CheckMenuItem
DrawTextExW
GetMessageW
LoadImageW

kernel32

ExitProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryA
VirtualProtect

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 26KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE