039c572dd17f9a0e6acb05adbebc2a7a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

039c572dd17f9a0e6acb05adbebc2a7a_JaffaCakes118
Size

17KB
MD5

039c572dd17f9a0e6acb05adbebc2a7a
SHA1

3e28723e2f42c31a3decc21fc849e0aafc4fdf2e
SHA256

a6da75d7c8707ec00bc47f4198e3f451976a1e6f43084f20182e91c9378efd13
SHA512

aad39dc7671d67bbfa3432b4f1e59ed1b2741a548054f1c47616c3083c0f2ea69710a5579434024a7b278b4d6a90f5e7db9cf87791e8413f158de16a11097ff6
SSDEEP

192:XEvdNVLFfkpoKkxkiwwQqLhcvhHkIJJoiem91:0vdNVLi4v/dcvhH9oiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
039c572dd17f9a0e6acb05adbebc2a7a_JaffaCakes118

Files

039c572dd17f9a0e6acb05adbebc2a7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46485cdace4064c6b49a4b5390e119fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
lstrcmpA
IsDBCSLeadByte
GetACP
TlsFree
GetLogicalDrives
TlsGetValue
GetSystemDefaultLCID
GetCurrentThread
GetUserDefaultLangID
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetCurrentProcess
FreeLibrary
lstrcatA
GetCurrentProcessId
VirtualAlloc
GetDriveTypeW
GetModuleFileNameA
GetCommandLineA

user32

GetForegroundWindow
GetDC
GetWindowTextLengthA
GetWindowLongA
ReleaseDC
GetClassLongA
BeginPaint
GetActiveWindow
RegisterClassA
IsIconic
GetFocus
CreateWindowExA
GetSystemMetrics
UpdateWindow
GetWindowTextA
GetWindowDC
IsWindowVisible
ShowWindow
GetWindow

shell32

StrRChrA
StrChrA
StrRChrIA
StrChrIA
StrCmpNIA
StrCmpNA

secur32

GetSecurityUserInfo
AddCredentialsA
GetComputerObjectNameA
GetUserNameExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ