5762074eef5abfb3c7197313d6b758b5_JaffaCakes118 | Triage

Sharing

General

Target

5762074eef5abfb3c7197313d6b758b5_JaffaCakes118
Size

508KB
MD5

5762074eef5abfb3c7197313d6b758b5
SHA1

ac35e9cd89ed53eac485df3a83686913903286c6
SHA256

9f39281eee59212fddbdb8d088826ec63e98cde0fb308310deea79eca8319ae6
SHA512

e72dfb93db011dd6c4215fdb6a3e4b72f47c56653a5b5578170b61de316466fd368e84a0b115bc7142637491e50328615c11d69b65d2b91470ed00954d9d1a31
SSDEEP

12288:/rBKTYUWkMksNe3/NJdNYDAmpfCBy9YWn4C7Xp4v+UzvOn0:lU0R6jYUmpq6pnRjUzWn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5762074eef5abfb3c7197313d6b758b5_JaffaCakes118

Files

5762074eef5abfb3c7197313d6b758b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

30b34dd9a1c2716cba9ce50c4de57960

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
SetLastError
GetCurrentProcessId
GetTickCount
SetEndOfFile
GetFileType
InterlockedDecrement
VirtualFree
CreateFileW
UnmapViewOfFile
InitializeCriticalSection
LocalFree
SetEvent
GetModuleHandleW
FindFirstFileW
lstrcpynA
GetSystemTimeAsFileTime
CompareStringA
WriteFile
ReadFile
GetModuleHandleA
MapViewOfFile
SetFilePointer
GetProcessHeap
TlsGetValue
UnhandledExceptionFilter
LocalAlloc
GetEnvironmentStrings
HeapReAlloc
HeapAlloc
GlobalUnlock
GetVersionExA
ExitProcess
HeapDestroy
LCMapStringA
GetOEMCP
WaitForSingleObject
GlobalFree
HeapCreate
EnterCriticalSection
LoadResource
VirtualAlloc
GetCommandLineA

user32

SetCursor
CallWindowProcA
GetClientRect
FillRect
RegisterClassA
EnableMenuItem
SendMessageA
GetCursorPos
GetDC
DefWindowProcA

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ