101dd4022449eead96c7aeb7c7475dd8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

101dd4022449eead96c7aeb7c7475dd8_JaffaCakes118
Size

529KB
MD5

101dd4022449eead96c7aeb7c7475dd8
SHA1

feeecb72f66c0722d1bd5289c68a497810b0d3ce
SHA256

06c6b0e8c25fc7ab17f82cc3d9774284f24d34feb9af1e7a11a0f7e2381d4400
SHA512

0ce0d75eebecb8da17f49822d743e353a9da76710acf0263b788d16dfdf660fd33a35474ae851bb5288a2974376536c83bf814fd3e14801539febaa6a253730a
SSDEEP

12288:DJtHFTwIPiWLKQb+JZ3e3x+hoJ/f8tp50h6Gp2ZD2t:tFtpev33uX8T50IGM5s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
101dd4022449eead96c7aeb7c7475dd8_JaffaCakes118

Files

101dd4022449eead96c7aeb7c7475dd8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3d9de7666feec0c57ef443afda5b1b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

StartDocA
Ellipse
CreatePen
ExtTextOutA
CreateDIBSection
DeleteDC
BitBlt
LineTo
DeleteObject
CreateRectRgn
CreateRectRgnIndirect
RectInRegion
GetTextExtentPoint32A
SelectObject

user32

TranslateMessage
EnumWindows
ModifyMenuA
DrawTextA
DestroyWindow
PeekMessageA
CreateDialogParamA
FrameRect
SetForegroundWindow
DrawFrameControl
LoadBitmapA
FillRect
GetWindowRect
KillTimer

msvcrt

wcscat
free
_itoa
_wsplitpath
wcsncpy
memset
atol
strchr
_wfopen
_ltow
_ltoa
_stricmp
_getcwd

kernel32

InitializeCriticalSection
TerminateProcess
ReadProcessMemory
FindResourceA
VirtualAlloc
TlsFree
GetCurrentProcessId
GetStartupInfoA
FlushFileBuffers
FileTimeToLocalFileTime
GetVersionExA
CloseHandle
EnterCriticalSection
FatalAppExitA
SetStdHandle
SetErrorMode

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ