0fa99f42dd351d733c713a48c3778450_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fa99f42dd351d733c713a48c3778450_JaffaCakes118
Size

243KB
MD5

0fa99f42dd351d733c713a48c3778450
SHA1

564bd1e46b22f76d2965c8e723c7e0859fc4dc0a
SHA256

1a15ff1c27b2ee57f7b4683e8425a3d24495bbfe4870f4357351666acf77857d
SHA512

0973cd847d44717eb74086daa69b7bd33abd4fce30c9c4c9fc9f304b603af418a30ea7b0d69a32aa0fbffe1808f52d8269dd8e3026020ef8971d5de76946aa2b
SSDEEP

3072:jvK2sccqDgwpkgCJ473oF6fJGJmMDWuAclkOFSHPVAgLw41f7YzMf14E+k8xXQzN:jAbwp4F0JGEMDWu5kHdAgE4d7+bXV8d/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa99f42dd351d733c713a48c3778450_JaffaCakes118

Files

0fa99f42dd351d733c713a48c3778450_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c08a7fd2a7cfe06abe409726ade98a01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByte
GetCurrentThreadId
CreateProcessInternalA
GetCurrentThread
VirtualAlloc
TlsFree
GetModuleFileNameA
GetDriveTypeW
TlsSetValue
GetLogicalDrives
GetOEMCP
GetModuleHandleW
GetCurrentProcessId
lstrcatA
GetSystemDefaultLCID
GetUserDefaultLangID
TlsGetValue
GetACP
lstrcmpA
GetCommandLineA
FreeLibrary

user32

GetWindowTextA
GetFocus
GetWindowDC
ShowWindow
GetForegroundWindow
IsIconic
BeginPaint
CloseWindow
GetClassLongA
GetWindowLongA
GetDC
IsWindowVisible
GetSystemMetrics
GetWindow
RegisterClassA
ReleaseDC
GetWindowTextLengthA
UpdateWindow
GetActiveWindow

shell32

StrRChrIA
StrCmpNA
StrChrA
StrRChrA
StrCmpNIA
StrChrIA

secur32

GetSecurityUserInfo
GetComputerObjectNameA
AddCredentialsA
GetUserNameExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ