3b0a7b43972933a5f82d00eccc68fb46_JaffaCakes118 | Triage

Sharing

General

Target

3b0a7b43972933a5f82d00eccc68fb46_JaffaCakes118
Size

747KB
MD5

3b0a7b43972933a5f82d00eccc68fb46
SHA1

c40c8ff1a4d329e32610491e152ddf509f279be5
SHA256

495ab9b57e4d7738a7b313c258512d22d2168eedc2c53afa69408d6345669c05
SHA512

cc47502048ce7758d8364b2c55885c38cfa6d6bc5adc02e146035972f663fe94a1ad65e89fd7254ef4aa3e8b15942c203c7908d83ed2db4fd63cd7eaf02ca41c
SSDEEP

12288:0U2/svcRBlQrRZAjxVPQ7zbjvuQFTmjQ8CDc8+1IJ5XD1OouTGAy2z0jesK6ix:v2/svrO5QbjvPFTmjQ8IHDUTGF2z0j1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b0a7b43972933a5f82d00eccc68fb46_JaffaCakes118

Files

3b0a7b43972933a5f82d00eccc68fb46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45ed02acea8517449ff85899437a719f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
GetEnvironmentVariableW
WaitForSingleObject
CreateMutexA
GetFileAttributesA
CreateFileA
HeapSize
SetEvent
ExitProcess
OpenProcess
GetConsoleTitleA
WaitForMultipleObjects
DeleteFileA
GetModuleHandleA
GetStdHandle
SetLastError
GetTickCount
CloseHandle
GetCommandLineW
VirtualAlloc
CreatePipe
FindClose
ResetEvent
RemoveDirectoryA
GetCurrentDirectoryA

user32

DispatchMessageW
GetDC
FillRect
GetDC
CallWindowProcW
GetWindowLongA
FindWindowW
GetSysColor
MessageBoxA
PeekMessageA
GetClassInfoA
GetDC
DispatchMessageW

perfctrs

CloseNbfPerformanceData
CloseNbfPerformanceData
CloseNbfPerformanceData
CloseNbfPerformanceData

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ