04c69047783e53f33f0555530ccfe003_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04c69047783e53f33f0555530ccfe003_JaffaCakes118
Size

96KB
MD5

04c69047783e53f33f0555530ccfe003
SHA1

289ed9abb2f1fe3090598adc4fa8abbb045b0dcc
SHA256

0a1f7a65a259c6a3270c21b99fdfb792b492c590c49be234ff3c97b5a3b8e991
SHA512

17b03bb249bc6879d419cd4a1e417f77dd767293137d00ac46b6cd660b3f6805c745fdd3b7a0464c5cd5cd82e636fa5af26ce7bd85cfa18472ad882b20802164
SSDEEP

1536:2GeJqsrtuy9Bo/Om+ZXSlmVpglYLoKAc8c77n0jYXLeE2/sA19yPLg5jb:2GeYWb/oGhSlmWYH8X/sAPsqH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04c69047783e53f33f0555530ccfe003_JaffaCakes118

Files

04c69047783e53f33f0555530ccfe003_JaffaCakes118
.exe windows:6 windows x86 arch:x86

6db665ef1e844fab3ccfc96efb3e51a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
QueryPerformanceCounter
MultiByteToWideChar
QueryPerformanceCounter
SetEvent
GetTickCount
GetCurrentProcess
GetProcessHeap
GetCurrentThreadId
LocalAlloc
GetCurrentProcess
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
WaitForSingleObject
SetEvent
GetCommandLineW
GetCommandLineW

ntdll

NtAllocateVirtualMemory

user32

CreateWindowExW
LoadIconW
ReleaseDC
SendMessageW
DefWindowProcW
GetMessageW
ReleaseDC
SendMessageW
LoadIconW
CreateWindowExW
LoadIconW
PostMessageW
GetDlgItem
SetTimer
ShowWindow

gdi32

PatBlt
BitBlt
LineTo
GetTextMetricsW
PatBlt
PatBlt
SelectObject
CreateCompatibleDC
SetTextColor
GetObjectW
LineTo
GetTextMetricsW
CreateCompatibleDC
PatBlt
SetTextColor
SetTextColor
DeleteObject

Sections

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ