b0b018247b2ecc1850ff7a06e55cc887_JaffaCakes118 | Triage

Sharing

General

Target

b0b018247b2ecc1850ff7a06e55cc887_JaffaCakes118
Size

637KB
MD5

b0b018247b2ecc1850ff7a06e55cc887
SHA1

ce3cc81b9805b7672f8f7d8f9350b03a031fe855
SHA256

c7e59d9936bcd53914f6c9ac92d0f9f365ca97b6717f31ac57fffcda1a68dd03
SHA512

a6add601b341f63b086e967e01cc00ff69c7c13ba162e2d8c61fb7aa51f794398defb07dd014e60b95893bdab0a89417d3475d6a3a48739e972b287ee079da50
SSDEEP

12288:zR1+jSpEoRzUA4Usj5sWUznwnprl76IkNjfCJaqYYNwJAULO4ywEWYd0:tEjSpEoRzU3UEgwnpR76IkEaMNwJAJel

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b0b018247b2ecc1850ff7a06e55cc887_JaffaCakes118

Files

b0b018247b2ecc1850ff7a06e55cc887_JaffaCakes118
.exe windows:4 windows x86 arch:x86

947ad937594fe47983781098bdde2ced

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
LoadLibraryA
GetProfileIntA
HeapWalk
WaitForSingleObject
CloseHandle
HeapReAlloc
VirtualProtect
InterlockedExchange
GetStdHandle
GetVersion
GetAtomNameA
GetACP
CompareFileTime
GetConsoleCP
GetTickCount
lstrlenA
GetModuleHandleA
TlsFree
TlsGetValue
FindAtomA

user32

InflateRect
ModifyMenuA
MessageBoxA
PaintDesktop
CreateCaret
EqualRect
DialogBoxParamA
PostQuitMessage
ShowWindow
InsertMenuA
DispatchMessageA
GetMenu
DestroyMenu
CopyRect
PostMessageA
SetWindowPos
GetDlgItem
TranslateMessage
GetScrollRange
SetPropA
EnableScrollBar
GetMenuStringA
LoadIconA
GetWindowTextA
GetKeyboardLayout
SubtractRect
UpdateWindow

msi

MsiEnumClientsA
MsiGetMode
MsiDoActionA
MsiEnumProductsA
MsiCloseHandle

clbcatq

CoRegCleanup

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ