12047aa376618899f71f58b09dcf8b20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12047aa376618899f71f58b09dcf8b20_JaffaCakes118
Size

715KB
MD5

12047aa376618899f71f58b09dcf8b20
SHA1

a59f588d8f318e6dbe867adf98779199f26a30a7
SHA256

6f759b0d38d18edebf3053c4683b95ce7770b1f9d859eea598596c4f7e7504d0
SHA512

ebe439e56a089edd6a516ec776b15f602d5b34012a24ae3729e2344454f1027a56ecc7dd61ce83f405fca1c5935dad9b20e95807a7ad12e54c74512c4ebb6b79
SSDEEP

12288:JAa+MbZQknFU0GLzhAli0g6+TNm6ovS+UCOjuILrAoVJAtOYr/P8Te+OkJmR9W1f:J6knF2n+AH6H/UCOj3r/ItpbPqe+9JmI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12047aa376618899f71f58b09dcf8b20_JaffaCakes118

Files

12047aa376618899f71f58b09dcf8b20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

31b3d0676317ab8bd33d9ebd45e6ecab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
InterlockedExchange
CloseHandle
lstrlenA
GetModuleHandleA
TlsFree
HeapWalk
SetEvent
CompareFileTime
GetACP
GetProfileIntA
GetTickCount
FindAtomA
GetVersion
GlobalUnlock
VirtualProtect
LoadLibraryW
ResetEvent
GetAtomNameA
WaitForSingleObject
HeapReAlloc

user32

SetWindowPos
SetSysColors
GetWindowTextA
PostQuitMessage
DestroyMenu
SetPropA
DialogBoxParamA
ShowWindow
ScrollDC
InflateRect
GetParent
TranslateMessage
MessageBoxA
GetKeyboardLayout
GetWindowLongA
DispatchMessageA
GetScrollRange
InsertMenuA
EqualRect
EnableScrollBar
PostMessageA
GetDlgItem
CopyRect
GetMenu
ModifyMenuA
GetSubMenu
LoadIconA
GetMenuStringA
UpdateWindow

userenv

GetProfileType
GetGPOListA
FreeGPOListA
LoadUserProfileA
RefreshPolicy

apphelp

ApphelpCheckExe

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ