099cb7223637eaa2faf194ec89a61a85_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

099cb7223637eaa2faf194ec89a61a85_JaffaCakes118
Size

114KB
MD5

099cb7223637eaa2faf194ec89a61a85
SHA1

d1830faf357080aea4417edcbbd218ba8ed19248
SHA256

b01d99a660dc8d1765a3bbde64fe1609b1f54acbcb5f0f37de8532006b89780d
SHA512

c1bb397ed25cbe54f79ef6b3436a3c74fa4abe410f71d5283cbea89f679862236b78282e209eaad4fb0cf08c436336c7d4af73d86f2a0af8d4870918e89dcbcc
SSDEEP

1536:f4aLjWSGLdZXFXtX7wAU0+eMBleO3xFv+7BO2Nb9dIayTA/kOaOSFjr:fBodZXVt0t0+eMBlN3xF+7VzInAg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
099cb7223637eaa2faf194ec89a61a85_JaffaCakes118

Files

099cb7223637eaa2faf194ec89a61a85_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ee774428678eeb710fd77ec17330919f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetFileAttributesA
VirtualAllocEx
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
Sleep
GetLogicalDrives
SwitchToThread
FileTimeToLocalFileTime
GetStdHandle
GetDateFormatA
LoadResource
RtlUnwind
CloseHandle
GetOEMCP
GetLocaleInfoA
TlsGetValue
GetModuleHandleA

user32

LoadCursorA
SetWindowTextA
PostMessageA
GetForegroundWindow
InvalidateRect
SetWindowsHookExA
WinHelpA
GetSystemMetrics

ole32

OleInitialize
RevokeDragDrop

comctl32

ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragMove

gdi32

DeleteObject
GetDCOrgEx
GetBkColor

clbcatq

SetSetupOpen
CheckMemoryGates

ntdll

ZwReleaseSemaphore
ZwClose
RtlGetNtProductType
RtlGetLastWin32Error
ZwQueryTimerResolution
ZwQueryInformationPort
ZwQueryMutant
NtSetTimer
NtCreateTimer
ZwQuerySymbolicLinkObject

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ