ff3e8b44437d8dd42004be99dd95a2f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff3e8b44437d8dd42004be99dd95a2f7_JaffaCakes118
Size

305KB
MD5

ff3e8b44437d8dd42004be99dd95a2f7
SHA1

f2a519f4e282cb25b921345b0514449d25b84aa0
SHA256

9552a4dbb3846a1ef3ef5cd403bb18865fd2f5305a1274d1aad0da9db9fb2ce0
SHA512

bdb2a2162996d4e9668fc0d5a8b8c66f339381e48d4d2545279303a8089c570507d7cfe90a6f06d72aa4dda82e677f234e4fc81254e21e88a7c95a9f5b9c04c0
SSDEEP

6144:g6JldqqJuTRni6alrUIyxUaCWnJJ864xOx7mAUuMPsxU8H:RHJIRni6+gI4znJJ86Bx7TCKU8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff3e8b44437d8dd42004be99dd95a2f7_JaffaCakes118

Files

ff3e8b44437d8dd42004be99dd95a2f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55329eb496275b39fe68b2c4f2d9bbe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
IsBadStringPtrW
WriteFile
FindClose
ReleaseMutex
lstrlenW
LocalFree
GetFileTime
LoadLibraryW
ReleaseMutex
GetPrivateProfileStringA
TlsGetValue
InitializeCriticalSection
CreateEventW
HeapCreate
GetDriveTypeA
GetEnvironmentVariableW
GetCurrentThreadId
GlobalFlags
FindAtomA

user32

DispatchMessageA
SetFocus
IsWindow
EndDialog
DrawTextA
CallWindowProcW
CreateWindowExA
GetSysColor
GetSysColor
GetKeyboardType
GetClientRect
DrawStateW
GetClassInfoA

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ