11049c139ff03edc799109f8394abf0e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11049c139ff03edc799109f8394abf0e_JaffaCakes118
Size

385KB
MD5

11049c139ff03edc799109f8394abf0e
SHA1

114144dbc558f9c3f132f6a92c1652ee3f5e2d1b
SHA256

288b615561f2d5e42a11355ac0699d27487c2af25765e8c1668df315508514c6
SHA512

42622d6d1b34a7a87587ea5fdb93c7d6ebfec6cc1a1760b67155bdc3a3ac107701925c459fd27c8ebb64d63d3c556f5c4e06bdfafeb97116ad8de3a2d35e5545
SSDEEP

6144:dR43PcpCG0fJMHneMCDB6sEFu6XwydbyY9gHDtWGDSYAnLCI:dKU4G0fchCd+RXwycY9gkGTALb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11049c139ff03edc799109f8394abf0e_JaffaCakes118

Files

11049c139ff03edc799109f8394abf0e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1476e7fdf88e40a0bae505e9ea6cf869

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
ResumeThread
FindVolumeClose
CloseHandle
FreeConsole
GetModuleHandleW
ResetEvent
GlobalFree
GetDriveTypeW
GetPrivateProfileIntW
GetMailslotInfo
GetACP
LocalFree
GetEnvironmentVariableA
LocalSize
VirtualAlloc
WriteFile
CreateThread
GetExitCodeProcess
InterlockedExchange

user32

GetKeyboardType
DispatchMessageA
EndDialog
GetClassInfoA
SetFocus
CallWindowProcW
GetSysColor
IsWindow
GetCursorInfo
GetClientRect
DrawStateW
GetSysColor
CreateWindowExA

qedit

DllUnregisterServer
DllUnregisterServer
DllGetClassObject
DllUnregisterServer
DllUnregisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ