09396ffac12c1275ec3667796a3a736e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09396ffac12c1275ec3667796a3a736e_JaffaCakes118
Size

202KB
MD5

09396ffac12c1275ec3667796a3a736e
SHA1

aef56f6891ca5aa5844834af2aabdd34872b2f31
SHA256

7caaeef22927c5475e80c99523c9b9690ffee617ad10b5733b3849a5550aefba
SHA512

8890243eecdb3fe5be26fc54ec90265203489eaa5f81181130f859a5da2b77ed5a3b9ff484db9825615ff29257ca37443fafd5c2a5c6e0146e528c61d1162044
SSDEEP

3072:w8TfHJb/Hq2ocYuFVH5cTS7xjh5KqmtoSwCV/qCGeiI5R3vITV7CP9RmHlUzOzhW:5fpb/HDYaitOMXMIr3FFRe/zhe/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09396ffac12c1275ec3667796a3a736e_JaffaCakes118

Files

09396ffac12c1275ec3667796a3a736e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e231dcb3e3c652f49d1c5c204ef768f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
CreateWindowExW
IsWindow
DestroyWindow
EnumChildWindows
GetDlgItem
GetWindowThreadProcessId

rpcrt4

UuidCreate

kernel32

VirtualAlloc
ExitProcess
GetCalendarInfoW
RtlUnwind
HeapCreate
DeleteCriticalSection
VirtualFree
GetOEMCP
RaiseException
GetStartupInfoA
HeapSize
EnumResourceNamesA
HeapDestroy
SetFilePointer
HeapReAlloc
FreeEnvironmentStringsA
InitializeCriticalSection
GetACP
LeaveCriticalSection
SetEndOfFile
IsValidCodePage
ReadFile
EnterCriticalSection
GetCPInfo
SetEnvironmentVariableA

ole32

CoGetMalloc
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoQueryProxyBlanket
CoUninitialize
CoInitializeSecurity
StringFromGUID2

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ