2823bb27ba7870d031d8d20906b1c062_JaffaCakes118 | Triage

Sharing

General

Target

2823bb27ba7870d031d8d20906b1c062_JaffaCakes118
Size

45KB
MD5

2823bb27ba7870d031d8d20906b1c062
SHA1

aa618daaf2e0238640398e42492f8f357a5a0619
SHA256

a58c3f15f2f14bc084b5df2326cf7cdf9963832086d8a554c94dfb5022ac40a7
SHA512

6a414d1fb5acda1e70c5e5ed2a064fb6770b13cc8a50a59b2fff0f5ad15f2fcaca5cb4c1d91bdac91720379b6434d6bd4fa0aaed7d2ee42c78760829f6d4b9b4
SSDEEP

768:X323i/5MqKWo+CBe0dyvumWGpgIZ/jjPFjwUMaJiApGHNb6mBR:Ii/5MtWo+C80UcGpR/jjPpaSiApGtWsR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2823bb27ba7870d031d8d20906b1c062_JaffaCakes118

Files

2823bb27ba7870d031d8d20906b1c062_JaffaCakes118
.exe windows:4 windows x86 arch:x86

384e277b53ce1698862599704339634e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
GetProcAddress
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
InterlockedExchangeAdd
GetTickCount
GetCurrentThread
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
LoadLibraryA

user32

MessageBoxA
CreateWindowExA
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
DefWindowProcA
GetActiveWindow
FindWindowA
GetCursor

gdi32

TextOutA
SetGraphicsMode
ResizePalette
GetBkColor
GetObjectType
SetBitmapBits
UpdateColors

ole32

CoInitialize

Exports

Exports

?jgdfgjfiogjfogE@@YAHHPADHHH@Z
?jgdfgjfiogjfogF@@YAHHPADHHH@Z
?jgdfgjfiogjfogG@@YAHHPADHHH@Z
?jgdfgjfiogjfogL@@YAHHPADHHH@Z

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ