0d3024dbe1941d360b81735dc693a653_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d3024dbe1941d360b81735dc693a653_JaffaCakes118
Size

73KB
MD5

0d3024dbe1941d360b81735dc693a653
SHA1

2084a828970bd4552ba315ce35f3b61483ecf75d
SHA256

d941f1c61d750aef9f1fa138b0b6c31aa4e2731e28e1489ad32a586067db1bbe
SHA512

c4495abec1e1ec8b9537ab18cee733409d4383fcf74b89a68d4b8178aeb16c4472d6fc6b6c5a41bdea687d6cc889903e58f6bd24cb3318d947967bf0ef3100cc
SSDEEP

1536:ePR/tH5CdwfwZgRG3sV7llkrvS4TmQfYMz/+nVRjqlW:ePR/z1YZgRGIlkrFBfYMz/+CW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d3024dbe1941d360b81735dc693a653_JaffaCakes118

Files

0d3024dbe1941d360b81735dc693a653_JaffaCakes118
.exe windows:4 windows x86 arch:x86

449a539e4ca15d4572b16ca5b73ad74a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
ExitProcess
GetModuleHandleA
CloseHandle
GetProcessHeap
ExitThread
GetOEMCP
VirtualAllocEx
GetCommandLineW
LoadLibraryA

user32

GetWindow
CharUpperA
DefWindowProcA
GetSysColorBrush
GetCursor
GetMenu
GetWindowTextLengthA
CreatePopupMenu
DefMDIChildProcA
DefFrameProcA

Exports

Exports

_VXIrNCMye0FQWB
_Xq8LBA@24
_mpfEbE0D@8
ZUbDF6Xd2
_wiJFp6

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 451B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/0/DIALOG/TEXTFILEDLG
.rsrc/0/MANIFEST/1
.xml
.rsrc/0/RCDATA/DVCLAL
.rsrc/0/STRING/4094
.rsrc/0/STRING/4095
.rsrc/1033/BITMAP/BBABORT.bmp
.rsrc/1033/version.txt
.text