9f0d8bb5700250fc7c03def2d7e5d475_JaffaCakes118 | Triage

Sharing

General

Target

9f0d8bb5700250fc7c03def2d7e5d475_JaffaCakes118
Size

313KB
MD5

9f0d8bb5700250fc7c03def2d7e5d475
SHA1

fd0f5f906d0acc24d19590c85f3ba57f4981cab1
SHA256

b323b27b6e9c338db3e3d3a27a8ed0b7915780d6bc7e45e7f32eb33a2ce25a98
SHA512

a30c96e138e43674f0209b909212beaae9e19bae4bfa4244372b322fa6058a3305c212a40329d01cd08cd8b7b2f22bcd3c7a9ee4f657d1f1b26469ec83d0240c
SSDEEP

6144:E2odMjmSyNTGUap5sYhRwiUXlJidFJVR0P8zP8qWFATBgmySvH1:SdM61PaDsePUPGvn8FUgr+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9f0d8bb5700250fc7c03def2d7e5d475_JaffaCakes118

Files

9f0d8bb5700250fc7c03def2d7e5d475_JaffaCakes118
.exe windows:4 windows x86 arch:x86

575460dab8e115cb852b0f011608dfe3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
ExitThread
GlobalFindAtomA
GetProfileStringA
LoadResource
CloseHandle
GetOEMCP
GlobalAddAtomA
lstrcpyn
DeleteAtom
GlobalLock
SetConsolePalette
GlobalFree
LocalSize
RaiseException
GetStdHandle
GetProcessHeap
SetCommBreak
EnterCriticalSection
GetLocalTime
VirtualAlloc

user32

EndPaint
GetFocus
GetActiveWindow
GetDC
BeginPaint
GetClassNameA
IsIconic
ValidateRect
CloseWindow
AlignRects
GetWindowTextA
GetForegroundWindow
DrawEdge
ReleaseDC
GetWindowTextLengthA
GetClassInfoExA
GetWindow
ShowWindow
GetParent

wsock32

WSAAsyncGetServByPort
WSAGetLastError
WSACleanup
WSASetBlockingHook
WSAStartup

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ