e910f5392c8f57eb2e97997450f8aa1c_JaffaCakes118 | Triage

Sharing

General

Target

e910f5392c8f57eb2e97997450f8aa1c_JaffaCakes118
Size

185KB
MD5

e910f5392c8f57eb2e97997450f8aa1c
SHA1

30b65c30539bdb3d61ff927b86f95c47cf0ebf98
SHA256

5a2196d71fe8915087feaec9a5ecdc97160d637fcf7728c75b16accbb5ab02d0
SHA512

d9a386112b51d64d267865c3f5a7fc24904cfcee53d43141a7b24b020bee12a9d56d490e655ca49059a43da41779886a42caf175e99e9efd282b2de2c2ac8bbb
SSDEEP

3072:8h0gLgXZ9WbO58krkIRjGrt0LEZaTFcq+9Wc6WL5bqQxGZGlfTKq9FsA/Q:8hVNbO6krkIRjOKtJOqQkZGluqTsA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e910f5392c8f57eb2e97997450f8aa1c_JaffaCakes118

Files

e910f5392c8f57eb2e97997450f8aa1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eec3e4b6a1cc7ce304815fe1c7bc1dd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFiber
GetCommandLineA
InterlockedCompareExchange
TerminateProcess
RtlUnwind
GetProcAddress
ResumeThread
UnhandledExceptionFilter
GetACP
HeapSize
SetUnhandledExceptionFilter
EnumResourceNamesA
GetSystemInfo
HeapReAlloc
HeapDestroy
VirtualProtect
GetLocaleInfoA
SetThreadPriority
VirtualAlloc
LoadLibraryA
ExitProcess
IsProcessorFeaturePresent
VirtualFree
HeapAlloc
VirtualQuery
WriteFile

user32

BeginPaint
RealGetWindowClassA
InvalidateRect
PtInRect
GetClientRect
GetParent
EndPaint
RegisterClassExA
IntersectRect
UnionRect
SetFocus
UnregisterClassA
GetFocus
IsWindow
IsChild
CallWindowProcA
GetKeyState
CreateWindowExA

setupapi

SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imul
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ