093e41d5d519b6c6ba2260cc27b1ecd7_JaffaCakes118 | Triage

Sharing

General

Target

093e41d5d519b6c6ba2260cc27b1ecd7_JaffaCakes118
Size

198KB
MD5

093e41d5d519b6c6ba2260cc27b1ecd7
SHA1

969abb6fdf2ccbaf1c3c1bd8e0640cb9c0dad9e8
SHA256

153a423658986d83eb0f2ca3b706cf2736dd5698a8145b1b5eef140ad266e5c2
SHA512

55bb827fb01eff54ceaa7f057330c2ae3426dc4cedaa7e3dccb63b933d6906dd925aaa7773a9ac0a586c227ec0897f90c16f454f51b66e755998329068c7429e
SSDEEP

6144:Btbhwnz0Wq8YWvVSIGzVjjSEKuO+NTlNnD+ag:BttwnzPpnEIG5jjSEKIldP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
093e41d5d519b6c6ba2260cc27b1ecd7_JaffaCakes118

Files

093e41d5d519b6c6ba2260cc27b1ecd7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f162cae4b54ea341b36dc675e46975cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
ExitThread
FormatMessageA
GetCommandLineA
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
GetPriorityClass
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LoadLibraryA
LocalAlloc
OpenEventA
QueryPerformanceCounter
SetUnhandledExceptionFilter
VirtualAlloc
VirtualProtect

msvcrt

atof
fseek
strcmp
strncmp
strstr
wcscpy
wscanf
strncat

user32

OffsetRect
KillTimer
InvalidateRgn
InvalidateRect
IntersectRect
EndDialog
DrawTextA
DialogBoxIndirectParamA
ScrollWindowEx

comctl32

ShowHideMenuCtl
MenuHelp
InitCommonControls
GetEffectiveClientRect
DrawStatusTextA
CreateToolbarEx
CreateStatusWindowA

Sections

.text
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ