0f1a56d14392b6dc130493b155b7537f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f1a56d14392b6dc130493b155b7537f_JaffaCakes118
Size

80KB
MD5

0f1a56d14392b6dc130493b155b7537f
SHA1

06f2356b89579d4b51698212f1adc32809fe2483
SHA256

bd2947f90bae860bfd76ec67c2603eedb9813fc38bae6bb884f6dfe9edf05112
SHA512

dc2b54ddb50de2a26db10b4fae905047e089cdd4f0598f70164a21f54cb3dfa2ecce167e43718038526154543fe3d2463389a16022aa6ae9b22447127d4af63d
SSDEEP

1536:nzoR8BVJEhuJGdUePXO+O1KCpWs51Knvy2kvhacuTwsT:nbVhQLPXnFC4k2uacuTw6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f1a56d14392b6dc130493b155b7537f_JaffaCakes118

Files

0f1a56d14392b6dc130493b155b7537f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f21f8fbc1270b4bf783337e5a6b275f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
DeleteAtom
ReadProcessMemory
FormatMessageA
LoadLibraryExA
GetOEMCP
CloseHandle
GetProfileStringA
GetTapeStatus
VirtualAlloc
GlobalLock
FindAtomA
CreateHardLinkA
GlobalCompact
ClearCommBreak
ExitThread
GetProcessHeap
GetCommState
GetStdHandle
GlobalFlags
GlobalFree

user32

BeginPaint
GetWindowTextLengthA
IsIconic
GetClassInfoExA
GetWindowTextA
GetParent
CloseWindow
RegisterClassA
ReleaseDC
DrawEdge
GetDC
ShowWindow
GetWindow
GetForegroundWindow
GetFocus
ValidateRect
EndPaint
GetClassNameA
GetActiveWindow

wsock32

WSAGetLastError
WSACleanup
WSAIsBlocking
WSAAsyncSelect
WSAStartup

dot3api

Dot3SetProfile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ