31021a1a035c7a17ddb5ccd7baa8f907_JaffaCakes118 | Triage

Sharing

General

Target

31021a1a035c7a17ddb5ccd7baa8f907_JaffaCakes118
Size

91KB
MD5

31021a1a035c7a17ddb5ccd7baa8f907
SHA1

40086c4273dc682811615a7c82dbc58a1a5b542a
SHA256

f408b5e2941a00d89aa92c8271ccf98deb70eb6b855fe4c4f2e639cd195abdec
SHA512

696ca51bfd8b2f163ded106e989e9ae2fbb167d54c08afe4848c842f3408e2723f8686a5add2a44fc8f08897b15b8d77a789d49a4923bf0313cbcf1e457e3bc4
SSDEEP

1536:fs7g77O7UdLlpYwXCIxkg8g54+KYqB+UITct2piIiP5GvGoe+Ejh0c8HNc/DSneR:ks7oefYwXCIq6NzU5A45Uvi+kl/Dj95d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31021a1a035c7a17ddb5ccd7baa8f907_JaffaCakes118

Files

31021a1a035c7a17ddb5ccd7baa8f907_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42ef90ff023ac8c803a96c7e9c635a7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetLocaleInfoA
SetEvent
EnterCriticalSection
InterlockedExchange
HeapCreate
RemoveDirectoryA
FindClose
ReleaseMutex
GlobalFree
FindFirstFileExA
VirtualProtect
LoadLibraryExA
Sleep
GetACP
GetLastError
GetCommandLineA
GetSystemDirectoryA
RaiseException
SetErrorMode
GetStdHandle

user32

FlashWindowEx
EndPaint
ReleaseDC
wsprintfA
GetClassNameA
BeginPaint
GetActiveWindow
GetParent
FrameRect
FillRect
IsIconic
ShowWindow
SetForegroundWindow
GetFocus
DrawTextA
GetWindowTextA
GetWindow
GetCursorPos
ValidateRect

dnsapi

DnsFree
DnsApiAlloc
DnsApiFree
DnsStatusString
DnsApiRealloc

clbcatq

CoRegCleanup

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ