023d6136d0927d41cfdb010607a2abdd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

023d6136d0927d41cfdb010607a2abdd_JaffaCakes118
Size

822KB
MD5

023d6136d0927d41cfdb010607a2abdd
SHA1

5c4f2f5313621677bf2b445dfafdb2c4cdb70ee8
SHA256

ba94b5802c1c9f240f0fc095453f1f33020b1da3bd0d1ad1d689b7322a2d71d3
SHA512

db31d350c936f7cdfed058a7bef9ef5aa7d0d94646d0241fbcf162d33ba0c2499364bf59cda24684e1b109a8c4c6f651b4d1b4963b2dadbba68dd26d5e92db48
SSDEEP

12288:p8pPdwTE/XF8k7lacazh/e1RpuDzVHXUctUVaaCq5l87kWEAM0VI/CXWdrYzmdvt:p8pwYjELkqHUP5l08AJVIAWdu7wSSU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
023d6136d0927d41cfdb010607a2abdd_JaffaCakes118

Files

023d6136d0927d41cfdb010607a2abdd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f91996e189b517f1551522949e5b7dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
CloseHandle
InterlockedExchange
WriteFile
GlobalFree
GetExitCodeProcess
GetMailslotInfo
lstrlenA
FindVolumeClose
GetEnvironmentVariableA
LocalFree
GlobalSize
GetDriveTypeW
GetCommandLineA
ResumeThread
GetModuleHandleW
CreateThread
GetPrivateProfileIntW
ResetEvent
VirtualAlloc

user32

CreateWindowExA
SetFocus
GetSysColor
GetSysColor
GetKeyboardType
GetClassInfoA
EndDialog
DrawStateW
GetClientRect
GetCursorInfo
IsWindow
DispatchMessageA
CallWindowProcW

netcfgx

DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllGetClassObject

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ