2642fdcf7fb80f629c128b0537e3b65b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2642fdcf7fb80f629c128b0537e3b65b_JaffaCakes118
Size

27KB
MD5

2642fdcf7fb80f629c128b0537e3b65b
SHA1

89b8f91806dfe45656714edcb6685d248ca76585
SHA256

69a930089123ed691f17677719695e0ee1b3f1dfaf48890d0774c8b22a088b20
SHA512

e424f65c02cc6c1f0b6ffcb8e24f0e3b67b5b74dc02feca5409b9bb82b6170ea56067f76bfa15b9f80a76c024ccc3c559586bca5d534edc58fa485bbe2423438
SSDEEP

768:f8rhBMpA66hzOwz4lc4L4SeJTevUDQoMYcGI04A8NVoD:f+hvzOwQx8PJTzDQoMY7Z8Nu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2642fdcf7fb80f629c128b0537e3b65b_JaffaCakes118

Files

2642fdcf7fb80f629c128b0537e3b65b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac6a14f8688b309869855f8b4602c695

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
InitializeCriticalSection
GetStdHandle
GetProcessHeap
VirtualProtect
GetProcAddress
IsDebuggerPresent
HeapReAlloc
GetOEMCP
GetDateFormatW
GetCurrentProcess
InterlockedIncrement
GetACP
HeapAlloc
lstrcmpA
GetCurrentProcessId
GetVersion
VirtualFree
GetModuleHandleA
SetStdHandle
GetLocaleInfoA
GetTickCount
ExitProcess
WriteFile
SetConsoleCP
GetCurrentThreadId
GlobalAlloc
RtlUnwind
GetLastError

msvcrt

fprintf
_wtol
_adjust_fdiv
_wcsicmp
_purecall

ole32

CoTestCancel
ReleaseStgMedium

user32

RegisterWindowMessageA
EnumWindows
GetFocus
DispatchMessageW
GetMenuItemCount
MessageBoxA

lz32

LZClose

advapi32

SetSecurityDescriptorDacl

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE