0a472b4a554c18533b54daedeafb17d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a472b4a554c18533b54daedeafb17d8_JaffaCakes118
Size

92KB
MD5

0a472b4a554c18533b54daedeafb17d8
SHA1

668d10812f09d4013fd5c6312b63f959c042c286
SHA256

9edbec6a431c323632a46cc2edb483718d5c8a7adf4ac4ca52bde98ebdd17278
SHA512

6ee8cdeb10a5a2528cf598161c9d1585c2818e07c5ff04be37b79555896668d657acfdf764cedf25199af0e746e150062a4206889d27459f779ed8999ee3f174
SSDEEP

1536:ZM9IZ1t/d9RaIKYu70ePtxY5RSc/Hsy3ibA5NWVhrMKZ7PTOoa4tf:y9qhaIxmZkTN3oA5NWvxZ7bOo3tf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a472b4a554c18533b54daedeafb17d8_JaffaCakes118

Files

0a472b4a554c18533b54daedeafb17d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78ab3d83c692c594ec269100627382c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

FindTextA

user32

GetKeyState
ReleaseCapture
PostMessageA

kernel32

LocalShrink
QueryDosDeviceW
LocalFlags
HeapCreate
WideCharToMultiByte
CallNamedPipeW
CloseHandle
ConvertThreadToFiber
CreateSemaphoreW
EnumSystemCodePagesA
EnumSystemLocalesA
ExitProcess
FoldStringW
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntW
GetStartupInfoA
GetVersionExA
HeapAlloc
TlsFree

ole32

CoTaskMemAlloc
CoGetMalloc
CreateAntiMoniker
StringFromGUID2
CoFileTimeNow
CoCreateInstance
CoCreateGuid
CoBuildVersion
CoTaskMemFree

dbghelp

UnmapDebugInformation
SymRegisterFunctionEntryCallback
SymRegisterCallback64
SymGetSymFromName64

comctl32

ImageList_DrawIndirect
ImageList_Draw
ImageList_BeginDrag

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ