Static task: static1
Behavioral task: behavioral1
Sample: cd0e91bba7713d1a7c66d50c4f9aed90_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: cd0e91bba7713d1a7c66d50c4f9aed90_JaffaCakes118
Size: 165KB
MD5: cd0e91bba7713d1a7c66d50c4f9aed90
SHA1: fc4dde2537881ce341b8054fe64a9659a235bfaa
SHA256: 31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095
SHA512: 2a1eb564056bb3ea26d4ec36ba1c88482ec7fb26b788dbcde7389f654400403519d0d9c82ec544694e668ddbebba0b3a28ca4e70bf0e452764a6b5ada50615a5
SSDEEP: 3072:EfkfcHxa/ZrtSBnZ+k2/d7V2g855t1dRTvydaDgA+XtZ4X:akfcHxaRhS7+kId/85zLRxgAiZ4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cd0e91bba7713d1a7c66d50c4f9aed90_JaffaCakes118
Files
cd0e91bba7713d1a7c66d50c4f9aed90_JaffaCakes118.exe windows:4 windows x86 arch:x86
0be046a940adcc60bd03e300c823bc15
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
UuidCreate
user32
SendMessageA
GetDlgItem
IsWindow
CreateWindowExW
DestroyWindow
EnumChildWindows
GetWindowThreadProcessId
kernel32
GetCalendarInfoW
SetFilePointer
ReadFile
InitializeCriticalSection
IsValidCodePage
GetStartupInfoA
RtlUnwind
ExitProcess
LeaveCriticalSection
HeapDestroy
SetEndOfFile
EnumResourceNamesA
VirtualFree
GetOEMCP
HeapReAlloc
GetCPInfo
FreeEnvironmentStringsA
HeapCreate
EnterCriticalSection
GetACP
HeapSize
RaiseException
VirtualAlloc
DeleteCriticalSection
SetEnvironmentVariableA
ole32
CoGetMalloc
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
CoQueryProxyBlanket
CoSetProxyBlanket
StringFromGUID2
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ