56309236ccf441779740d8c72fadc17c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56309236ccf441779740d8c72fadc17c_JaffaCakes118
Size

169KB
MD5

56309236ccf441779740d8c72fadc17c
SHA1

063d50e531dc78e37b281a633508c110bb11f72c
SHA256

e194f6238ac01794819886e4dcab53de6036a1670a0967b87636b8c1ec0d33f5
SHA512

b1d59785a245d29377c04f6bb6e82e82dc09f2920e4e251a2f3d930d655efe41d42710d88b59764e19baabfcc112109f702070ec87d7817790d0ced4e2e20ce4
SSDEEP

3072:gHGGuKTXcXI534e/cVG6fU/momWyfEobITzmhsS5tYQpfKYgG116:cGGukcgP5Xmo29eS5tYMPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56309236ccf441779740d8c72fadc17c_JaffaCakes118

Files

56309236ccf441779740d8c72fadc17c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bad8c261fe8aeb400bb8d9dbcab1eb61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GetCommState
VirtualAlloc
LoadResource
CloseHandle
GetProcessHeap
RaiseException
ExitThread
GetProfileStringA
GlobalCompact
GetOEMCP
SetCommBreak
GlobalFindAtomA
LocalSize
lstrcpyn
LoadLibraryExA
GlobalLock
DeleteAtom
GetStdHandle
EnterCriticalSection
GlobalAddAtomA

user32

GetClassInfoExA
GetClassNameA
DrawEdge
ValidateRect
GetWindowTextA
GetForegroundWindow
GetFocus
BeginPaint
ReleaseDC
AlignRects
EndPaint
GetWindow
ShowWindow
GetActiveWindow
GetParent
GetWindowTextLengthA
GetDC
IsIconic
CloseWindow

wsock32

WSAStartup
WSAGetLastError
WSASetBlockingHook
WSAAsyncGetServByPort
WSACleanup

duser

AutoTrace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ