JaffaCakes118_2c41a67dc2be1ae16922554c8158503c | Triage

Sharing

General

Target

JaffaCakes118_2c41a67dc2be1ae16922554c8158503c
Size

162KB
MD5

2c41a67dc2be1ae16922554c8158503c
SHA1

88c6fea0d36f3736912c7d52f9b2c2a7eadddc49
SHA256

c36ea273277eecbd3b7a10ff1119f2b263fd2d3661f71ed4e862d860f3cb9269
SHA512

da673002c2c301415c1bb10bc0eaf7636e81e4ebb61d693488decf1d562848847e69a54172255e592c853025e42de301e2ba2c7ca34963a4ecc5007d43ab0033
SSDEEP

3072:8EYoB389mSoOGQwaW0JtDAHjWbITjWIkKTRDjPROYDLmB7Aciq18FL4Y/xoesluU:BMRfGaWIDACbeCIFvPROAa5Aciq1k8cc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2c41a67dc2be1ae16922554c8158503c

Files

JaffaCakes118_2c41a67dc2be1ae16922554c8158503c
.exe windows:4 windows x86 arch:x86

e621d3d8a874f16853d644d36e618999

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
InterlockedCompareExchange
HeapFree
GetStartupInfoA
GetTickCount
WideCharToMultiByte
lstrlenA
Sleep
EnumSystemLanguageGroupsW
GetEnvironmentVariableA
MultiByteToWideChar
CreateProcessA
LocalAlloc
GetWriteWatch
GetCurrentProcessId
InterlockedExchange
RaiseException
QueryPerformanceCounter
GetSystemTimeAsFileTime
lstrlenW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

winmm

mciSendCommandA
sndPlaySoundA

user32

GetWindowInfo
IsWindow
FillRect
GetWindowLongA
ReleaseCapture
GetDC
LoadCursorA
GetDlgItem
GetSysColor
MoveWindow
SetWindowLongA
SetCursor
SetWindowPos
ReleaseDC
SetCapture

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ