4525593ed7aee8bfc88c9feba7b87df1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4525593ed7aee8bfc88c9feba7b87df1_JaffaCakes118
Size

202KB
MD5

4525593ed7aee8bfc88c9feba7b87df1
SHA1

3f84711e56a6eb6e5b5f8b6642b3e57964b1abaf
SHA256

d3f6a179d0c99ed59835223890e158cea95fd93ddbc33732b08a4a909aa500cd
SHA512

589afd44413b5373c121f9c7238fcfe292d6e680b887546c55a416ffdf186d39f30158355bcffbb0b2dd0081e95e66c9e350c8a69471918a77b37234fba42590
SSDEEP

3072:qCyTRdaZ/F3AfOOKx29HgwUYVYfloo6LptxOaroAVdKbHD+pEfEPSvcFmnxic:4U6OOKx8HNZVDo6tDj9X8jEE8Uxi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4525593ed7aee8bfc88c9feba7b87df1_JaffaCakes118

Files

4525593ed7aee8bfc88c9feba7b87df1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e54bd9193a12c633b39c493ac8079f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetModuleHandleA
HeapCreate
InterlockedExchange
GetCommandLineA
WaitForSingleObject
GetSystemDefaultLangID
CompareFileTime
GetConsoleCP
VirtualProtect
LocalSize
GetAtomNameA
lstrlenA
CloseHandle
GlobalUnlock
WaitForMultipleObjects
LoadLibraryExA
GetVersion
SuspendThread
GetStdHandle
HeapReAlloc

gdi32

GetFontData
AbortPath
EqualRgn
GetRgnBox
CreatePalette
GetStringBitmapA
CreateICA
DeleteDC
GdiFlush
EngLineTo
Ellipse
GetTextColor
GetMetaFileA
BeginPath
FloodFill
Escape
DeleteObject
CreateFontA
EndPath
GetMetaRgn

winmm

CloseDriver
OpenDriver
auxSetVolume
auxGetVolume
PlaySoundA

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 804KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ