11cad3975f117b0f5872d20aef670ea9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11cad3975f117b0f5872d20aef670ea9_JaffaCakes118
Size

276KB
MD5

11cad3975f117b0f5872d20aef670ea9
SHA1

af4ff5d390c88c8b2284f4431d7f904782afead3
SHA256

d1b6121b642b5011a302d5654fa18c8e7b8de15ec1b1ab21f7566a724015b7f5
SHA512

0a0118011d879c1d576c64e0617090075fc9de33aca454ee3ae25aa9b5cd20a3c5a9f8a24d742f6bd746c6c0a8cde09a75ab3d09c61cbe59bdbdb37df9a658a4
SSDEEP

6144:nzOlT+OX63o3WVjn6nWjPV26amxTUbTfygrJ:zwj643WVjn6nA26NTU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11cad3975f117b0f5872d20aef670ea9_JaffaCakes118

Files

11cad3975f117b0f5872d20aef670ea9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3123d6ebf0cf632e2e43e9c0b9bcd2d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetModuleHandleA
lstrlenA
CreateProcessA
Sleep
GetCurrentDirectoryA
LocalFree
lstrcpyA
CloseHandle
GetComputerNameA
LoadLibraryExW
GlobalUnlock
CreateFileW
PulseEvent
GetCurrentThreadId
FindClose
SetLastError
GetCommandLineA
FindResourceW
UnmapViewOfFile

user32

CallWindowProcA
IsWindow
SetFocus
GetDC
GetDlgItem
DispatchMessageA
GetCaretPos
CreateWindowExA
DrawEdge
DrawMenuBar
FillRect
CheckRadioButton
CreateIcon

cryptui

CryptUIDlgSelectCA
CryptUIDlgCertMgr
LocalEnroll
CryptUIDlgSelectStoreA
WizardFree

msctf

TF_InitSystem

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 234KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ