146b5906ab50ad2656b68dc00c3634dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

146b5906ab50ad2656b68dc00c3634dc_JaffaCakes118
Size

17KB
MD5

146b5906ab50ad2656b68dc00c3634dc
SHA1

495bb46df49e7311f40fbfe3524e7e7fdb282a4b
SHA256

6709a3e785c18d8fbd674439e6daeda45b7a51c12e1b8e2440feaf1ff21df151
SHA512

eba9c703fc84a824d4da03c0886c32184e4a295656fa12e0963b3a7204d95cc55cd44c355915bf3e9ac6cfd1c2fdbdeebf3ecebf19b9b727122fe8f093f34816
SSDEEP

192:6Av76uzLAN4slsk/4yFuiItwJFErIUO5nfJE4gmuuuuuuuuu9oXZec5:buxNikgyFJJFErIU4nBE4pJe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
146b5906ab50ad2656b68dc00c3634dc_JaffaCakes118

Files

146b5906ab50ad2656b68dc00c3634dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39d95ef1abe0469b2d718b390b23e2c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
WaitForSingleObject
VirtualProtect
InterlockedExchange
GetCommandLineA
HeapReAlloc
GetConsoleCP
GetConsoleDisplayMode
GetUserDefaultLangID
GetVersion
lstrlenA
SetLastError
HeapCreate
GetTickCount
GetAtomNameA
WaitForMultipleObjects
LoadLibraryExA
GlobalSize
ResumeThread
GetModuleHandleA
GlobalUnlock

user32

SetForegroundWindow
GetFocus
DrawTextA
GetCursorPos
GetParent
CreateIcon
FrameRect
GetDC
ShowWindow
EndPaint
wsprintfA
GetTitleBarInfo
AnyPopup
GetClassNameA
BeginPaint
FillRect
GetWindow
DragDetect
ReleaseDC

rastapi

DeviceListen
DeviceConnect
DeviceDone
PortClose
AddPorts

quartz

DllGetClassObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ