2616d82accea188cf6bf6525c450cf15_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2616d82accea188cf6bf6525c450cf15_JaffaCakes118
Size

417KB
MD5

2616d82accea188cf6bf6525c450cf15
SHA1

2e55f2f60336f375299532c1188e425df8eee5c2
SHA256

11e5b0f9bda6ba8cd775fdd7e1eb00ba106763726590c1353e94dad386f0bca3
SHA512

0a7c907e41fe3caccc26af604e552074b78ec309b71f52dd2487feb241497764f7861bcea920bb8a83d4d1602df19138c8324728fbe5c467e3634cbc553dec5e
SSDEEP

12288:fP/wP44KyxQbaUzUuXUfgrpciNoixv4U3:A4uLUzU8egtd/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2616d82accea188cf6bf6525c450cf15_JaffaCakes118

Files

2616d82accea188cf6bf6525c450cf15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e2147e9252b281ff2ef176a137216a20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GetCommState
WriteProcessMemory
GlobalAddAtomA
ExitThread
GetProcessHeap
LoadResource
GetStdHandle
GlobalCompact
VirtualAlloc
EnterCriticalSection
ClearCommBreak
DeleteAtom
GlobalFlags
RaiseException
LoadLibraryExA
GetOEMCP
FindAtomA
CloseHandle
GetProfileStringA
GlobalFree

user32

GetClassNameA
CloseWindow
BeginPaint
IsIconic
ShowWindow
RegisterClassA
GetParent
GetDC
EndPaint
GetFocus
GetActiveWindow
DrawEdge
GetClassInfoExA
ValidateRect
GetWindow
GetForegroundWindow
ReleaseDC
GetWindowTextLengthA
GetWindowTextA

wsock32

WSAIsBlocking
WSAGetLastError
WSAAsyncSelect
WSACleanup
WSAStartup

dot3api

Dot3SetProfile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ