0133659b956925864f268039a4186b6c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0133659b956925864f268039a4186b6c_JaffaCakes118
Size

152KB
MD5

0133659b956925864f268039a4186b6c
SHA1

b5a961ede8d37ce649d58a744c2c3b193e1a5d1b
SHA256

e07af1631d5ff57a7c743057ed2818d03d13b38d08600b456bf9c5ce466e7b41
SHA512

215c00c034df1caeab453d0f6738c94109b70757c5027770d1cf14d88fbf62c5a785f65a04ec253149c2547dcedfc0d5bceb0266acc07a10b55560707e016d71
SSDEEP

3072:a04hS42lHuKCyEwEV1+BjbzrvkDHZ/xZjyOgdk6DF933gpKD3:aV3XqAIBjHetxZWOg359HH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0133659b956925864f268039a4186b6c_JaffaCakes118

Files

0133659b956925864f268039a4186b6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92cc290af362ada1934ac02e947aa9f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FindFirstFileExA
GetACP
GetStdHandle
Sleep
HeapCreate
GlobalFree
GetCommandLineA
SetErrorMode
EnterCriticalSection
ResetEvent
RemoveDirectoryA
ReleaseMutex
SetEvent
GetLastError
RaiseException
InterlockedExchange
GetLocaleInfoA
FindClose
LoadLibraryExA
GetSystemDirectoryA

user32

FrameRect
EndPaint
wsprintfA
FlashWindowEx
SetForegroundWindow
IsIconic
GetParent
GetWindow
ValidateRgn
DrawTextA
FillRect
GetFocus
BeginPaint
GetClassNameA
GetWindowTextA
ReleaseDC
GetCursorPos
SetActiveWindow
ShowWindow

dnsapi

DnsStatusString
DnsApiAlloc
DnsIsStatusRcode
DnsFree
DnsApiFree

clbcatq

CoRegCleanup

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ