Static task: static1
Behavioral task: behavioral1
  Sample: 296d2db9e396b7692fc0a86f11a16af0_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 296d2db9e396b7692fc0a86f11a16af0_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 296d2db9e396b7692fc0a86f11a16af0_JaffaCakes118
Size: 268KB
MD5: 296d2db9e396b7692fc0a86f11a16af0
SHA1: 20f4bae3f1dfd4dc28096545468395b3321d55f5
SHA256: 5c93ca3f394d062b35118c342811eccb70293d42d8cf79d0507f7326c37b8da9
SHA512: 8e32a2dfd6e9f0e8a74cc74435f65b4bbf126199c414ff6b49fdc0d8abb8500d7525fe0ccefa15050b8be0f6ddaea83bc574f7d54395ce0fe7ec8d25fb4aacd6
SSDEEP: 6144:JZKPuP94zGSzZUvoaKNTwPQ+J5SwfYLDDLgN1:J4PKKZUgdNco+J5xgbU/
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 296d2db9e396b7692fc0a86f11a16af0_JaffaCakes118
Files
296d2db9e396b7692fc0a86f11a16af0_JaffaCakes118.exe windows:4 windows x86 arch:x86
d245c7ac07febacc2dcee7af5bebcf3c
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: lstrcmpiA, CloseHandle, SizeofResource, QueryPerformanceCounter, lstrlenA, GetLastError, LoadResource, HeapFree, lstrcmpiW, lstrcpyA, FlushInstructionCache, GlobalAlloc, lstrcpynA, lstrcatA, LoadLibraryA, GetProcAddress, HeapDestroy, WaitForMultipleObjects
user32: wsprintfA, GetParent, IsWindow, CharNextA, EqualRect, LoadStringA, OffsetRect
gdi32: CreateDCA, DeleteMetaFile, GetDeviceCaps
ws2_32: ioctlsocket, select, send, connect, recv, WSAStartup, closesocket, shutdown
msvcrt: iswspace, realloc, wcschr, free, sprintf, wcscat
Sections
.text Size: 12KB - Virtual size: 16KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 235KB - Virtual size: 640KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ