0b28da0425c8304cfbd1b40f9b64d494_JaffaCakes118 | Triage

Sharing

General

Target

0b28da0425c8304cfbd1b40f9b64d494_JaffaCakes118
Size

871KB
MD5

0b28da0425c8304cfbd1b40f9b64d494
SHA1

ee390442d0dcedfb29510f0e1f257867671f6bef
SHA256

8d6a8bbe48a7ae0f594b074e460f0d3cc8af8eaf8ea9737097b822ac023c6187
SHA512

42c9495be6d136740a14df596fdf11d9f7d1d3eb1fa4cd9f7c73909af0b3883fbb3cbdc4fddd869dcfff1b08a992c9b917a1cb37fda1ee0fb3a576f55fa4c912
SSDEEP

12288:dMSqK1uQufhKHrCl18s6VwnCPruQRJT8ZwZGJ0v8iM38jBPA:df6Qufh6UuwnCzcZwU7bsPA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b28da0425c8304cfbd1b40f9b64d494_JaffaCakes118

Files

0b28da0425c8304cfbd1b40f9b64d494_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7774a39c10e1f6a20b92812830de970

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
DeleteFileA
CloseHandle
GetStartupInfoA
IsBadStringPtrW
IsDebuggerPresent
GetCommandLineA
CloseHandle
TlsAlloc
HeapDestroy
SetEvent
GetModuleFileNameW
CreateFileMappingW
CreateFileA
DeviceIoControl
HeapCreate
Sleep
GetModuleHandleA
ReleaseMutex
lstrlenA

user32

DispatchMessageA
DispatchMessageA
DestroyMenu
FindWindowW
LoadImageA
IsZoomed
IsWindow
GetWindowLongA
DestroyWindow
PeekMessageA
CallWindowProcW
GetIconInfo
DrawTextW

cryptext

CryptExtAddPFX
CryptExtAddPFX
CryptExtAddPFX
CryptExtAddPFX

rasapi32

DwCloneEntry

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ