05f4da654434bc11e2adf0764fd4af72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05f4da654434bc11e2adf0764fd4af72_JaffaCakes118
Size

385KB
MD5

05f4da654434bc11e2adf0764fd4af72
SHA1

0a821b644c57590ebda188f03d440fd1ebc2112c
SHA256

cee067643a66303b5604959ec1f4253c0d961358155b22a836be8b1cdd96ca70
SHA512

8e4246bc355e7d436edae00b1023f79b14a3a80d50c3990a1681bde918aa7d2fe13b3aaa60652ae2aa325b88202d9c10ed5bfe1aa097c915aafa5be6c98393b4
SSDEEP

12288:QJI3ldjdjmXmMrTZvezkO/9KDx1kjxvCy/UXp:QJqhdjmXpKr0DxwsX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05f4da654434bc11e2adf0764fd4af72_JaffaCakes118

Files

05f4da654434bc11e2adf0764fd4af72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

afa517874f59665f06b78b8f7de359d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
CloseHandle
CreateThread
GetModuleHandleW
FindVolumeClose
InterlockedExchange
GetExitCodeProcess
GetACP
GetCommandLineA
ResetEvent
GetDriveTypeW
GetEnvironmentVariableA
GetPrivateProfileIntW
GetMailslotInfo
GlobalSize
lstrlenA
ResumeThread
VirtualAlloc
GlobalFree
WriteFile

user32

CallWindowProcW
GetCursorInfo
GetClientRect
GetKeyboardType
EndDialog
DrawStateW
SetFocus
GetSysColor
DispatchMessageA
CreateWindowExA
IsWindow
GetSysColor
GetClassInfoA

qedit

DllUnregisterServer
DllGetClassObject
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ