cd95681431581f4fdd723748b9cc037d_JaffaCakes118 | Triage

Sharing

General

Target

cd95681431581f4fdd723748b9cc037d_JaffaCakes118
Size

91KB
MD5

cd95681431581f4fdd723748b9cc037d
SHA1

4cd547ad162555f206b2bd217a3bc3a8df33a909
SHA256

443c9a282c4539ef88ff2a880969851cfbb3d594ca9da8cdaaab8463ec9e614c
SHA512

3e0ceeded60bc8e1db16d266917b84386d9c5cc5d33f7284f107f954aeda23eefb44eef50a73419e2fea64f892dc66e8715b97e3d8c6f827f2a659f18c809213
SSDEEP

1536:VMlYx8d722f/BH7ECuQkKRfkkhFNnUBot/TCZn5p76zmKlYCn7KOpaYdfo7uPIbQ:VEAs2Y7EskKBkcXnCg7M5p7SmTcKIFoK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd95681431581f4fdd723748b9cc037d_JaffaCakes118

Files

cd95681431581f4fdd723748b9cc037d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05666296dca7f931030fe1f4c68df011

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow

kernel32

IsValidCodePage

shlwapi

StrPBrkA

Exports

Exports

AssictCopI
?IsFailedLow@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@I
?LoginConnect@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@I

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.write
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.int
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.read
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ