037875ac85994f74f85bca769a2dda4e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

037875ac85994f74f85bca769a2dda4e_JaffaCakes118
Size

488KB
MD5

037875ac85994f74f85bca769a2dda4e
SHA1

3989c0a1a27ace07e080bf403e9172bd4883ff90
SHA256

e7614b3ad100ae53d097e8c317391e82a685565a32896905f374c5a55d2f8715
SHA512

02a3624d912c403b473bb424c4c2c16dc7c32aa8966e69f341722e1bd56e51e983d68e582c1b6e4aa30ef3d13749bdbb12e0b1192360b12c80a8d550f136cffb
SSDEEP

6144:1HMKsCejMmDm73Sf5wvcYm2sQ2xKYvjdBEHMm7DOe9HRGR4EFktwOmCJEuGG0:1HFs7jMmb5wh1sQE9jjE6JeEkWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
037875ac85994f74f85bca769a2dda4e_JaffaCakes118

Files

037875ac85994f74f85bca769a2dda4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8688a3feb613cd762dcab77d30801add

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
DeleteFileA
GetPrivateProfileStringW
GetCurrentThreadId
CreateMailslotA
GetStdHandle
GetCurrentProcessId
FindAtomA
IsBadCodePtr
GetModuleHandleA
CloseHandle
GetFileAttributesA
SuspendThread
HeapDestroy
GetProcessTimes
EnterCriticalSection
GetPriorityClass
ReadFile
GetModuleFileNameA
HeapCreate

user32

IsWindow
DispatchMessageA
GetKeyboardType
GetClientRect
GetWindowLongA
SetFocus
DispatchMessageA
CallWindowProcW
GetKeyState
DrawTextW
GetClassInfoA
GetSysColor
GetWindowInfo

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ