0bc7e487d3f7d22eaefd1996e27d5132_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bc7e487d3f7d22eaefd1996e27d5132_JaffaCakes118
Size

404KB
MD5

0bc7e487d3f7d22eaefd1996e27d5132
SHA1

c12197e513cefe6d6b338fe0f2319c3a4a7026e0
SHA256

f43713e1b12f96b90b4a93a697edad13b46e184dfeb56696f02daa183e81a690
SHA512

aa05db14df26f1a16bfb16ef007f2d6d17ed5c66b43c340534a11c62dfafd58aeeda861a8278ddb4ce9bbb36afb5faae835592faccbc77ba45b357979bb7db95
SSDEEP

6144:tE6e7LKaOJjQ1yTHqac8Tq3ARBPpYs3htGRZ1xygJ1sm45+HBgAKe5t8Nqi7uEaS:tE6eiNu47c82wnPp7hOJyK4wbHY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bc7e487d3f7d22eaefd1996e27d5132_JaffaCakes118

Files

0bc7e487d3f7d22eaefd1996e27d5132_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8ce79846eb0f821f2a0a9523480dc1d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
SendMessageW
GetParent
DdeConnectList
SetKeyboardState
DdeDisconnectList
TileWindows
ChildWindowFromPointEx

advapi32

CloseEventLog
GetSecurityDescriptorRMControl
ElfRegisterEventSourceW
TrusteeAccessToObjectA
InitiateSystemShutdownExA

kernel32

LocalFlags
GetProfileIntA
GetConsoleAliasesA
GetCommandLineA
ReplaceFileW
Module32NextW
TermsrvAppInstallMode
ExitThread
FindFirstFileExA
GetCurrentProcess
GetConsoleDisplayMode
WritePrivateProfileStringA
GetProcessWorkingSetSize
VirtualProtect
GetStringTypeA
lstrcmpi
MoveFileA
IsValidLanguageGroup
TerminateProcess
InterlockedExchange

Sections

.text
Size: 395KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ