12fbd8bfa81343ade65501b16493d3b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12fbd8bfa81343ade65501b16493d3b4_JaffaCakes118
Size

111KB
MD5

12fbd8bfa81343ade65501b16493d3b4
SHA1

6659d234947939ebef27c2849622504c54b35d81
SHA256

ae2edf15025e1daaafe539ee75b7aff49b994ad63dad1662049ebade182e9df6
SHA512

d0d8060491c5eb864242820a2506675f07380b191e49bdb6414a8814d2443a2f6f78e8356768fe7785dbd93c809ad0a0336eeffaaae2f713dd11b0d7bf60263e
SSDEEP

3072:E4QJNkb+jWb/uUl7VYkPer4o8wqhHBU+r84PzA0e7:ONkSI/SpA5hHBnrBE7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12fbd8bfa81343ade65501b16493d3b4_JaffaCakes118

Files

12fbd8bfa81343ade65501b16493d3b4_JaffaCakes118
.exe windows:9 windows x86 arch:x86

a8f0c7b965bcda32672a9cf4fe7dc631

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetModuleHandleA
GetCurrentProcessId
GetCurrentProcessId
VirtualFree
SetUnhandledExceptionFilter
LocalFree
GetCurrentProcess
GetTickCount
LocalAlloc
LocalFree
GetACP
GetModuleHandleA
GetCurrentThreadId
GetCommandLineW
LocalFree
VirtualFree
MultiByteToWideChar
GetModuleFileNameA
LocalAlloc
FormatMessageW

ntdll

NtAllocateVirtualMemory

user32

DefWindowProcW
DestroyWindow
LoadIconW
ReleaseDC
SetTimer
CreateWindowExW
SendMessageW
DestroyWindow
GetWindowRect
LoadIconW
DefWindowProcW
PostMessageW
ReleaseDC
GetDC
GetWindowRect
GetSystemMetrics
CreateWindowExW
DestroyWindow
CreateWindowExW
SetTimer
CreateWindowExW
LoadIconW

Sections

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ