37d31edaeca487eea08299ceddc15548_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37d31edaeca487eea08299ceddc15548_JaffaCakes118
Size

2.7MB
MD5

37d31edaeca487eea08299ceddc15548
SHA1

19d11353b50cfff060ad42e6524dcd93336fbd4c
SHA256

ace81b697babd7153e72b9507c3a9ea039717f7aac7c74e62e26fa676ed9bb7f
SHA512

5cbe3db6021e9fbc104022da03c929889213a95a131af1166cfd2416bc09a12f3a387a9f0dfb3e09a438620bea09173dc43d2f5725cc36acf7b26adcc7c9ad62
SSDEEP

49152:YreOHudCrtOEgmCvOctG13ZTCdT0WxYEiuUxWhFqrf1eFLnFPQ7C:YreOOaqRtITCVvizW3qbMnFPQW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37d31edaeca487eea08299ceddc15548_JaffaCakes118

Files

37d31edaeca487eea08299ceddc15548_JaffaCakes118
.exe windows:5 windows x86 arch:x86

71dfb6a0b209cc378bfdc8029e1fb67f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommConfig
SetFilePointerEx
lstrcpynA
SetConsoleLocalEUDC
GetLongPathNameW
GetCommandLineA
VirtualQueryEx
GetEnvironmentStringsA
BuildCommDCBAndTimeoutsA
VirtualAllocEx
OpenJobObjectA
HeapAlloc
FindVolumeClose
IsValidCodePage
lstrlenA

user32

GetWindowContextHelpId
TranslateMessage
MapVirtualKeyExW
CharPrevExA
CharNextExA
GetWindowTextA
GetWindow
EnumChildWindows
EnumWindowStationsA
SetCursor
AdjustWindowRect
OpenDesktopA
SubtractRect
UnpackDDElParam
SetMenu
AlignRects
UnhookWindowsHook
SubtractRect
SetDebugErrorLevel
TrackMouseEvent
GetWindowRect
LoadBitmapA
EnumDisplaySettingsExA
GetWindowLongA
OpenInputDesktop
MessageBoxTimeoutW
ActivateKeyboardLayout
FillRect
SetWindowsHookExW
ReleaseDC
ReuseDDElParam
SetClassWord
GetMenuInfo
GetMenuStringA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 17.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ