Static task
static1
Behavioral task
behavioral1
Sample
e78b820f1583407109f0e89cba5729f4_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e78b820f1583407109f0e89cba5729f4_JaffaCakes118.exe
Resource
win10v2004-20240319-en
General
Target: e78b820f1583407109f0e89cba5729f4_JaffaCakes118
Size: 278KB
MD5: e78b820f1583407109f0e89cba5729f4
SHA1: b5a220a0517f2fdfa311176bcffaac751ce4e8ca
SHA256: 3e9bcecbd0ce8684a7b98bf801dd8b8fb78060f8f97ab7ba9097ca0eece4b7dd
SHA512: 6eca1eba341a7cd4334767240bc179c74c892ff4ec252668f88a654691f236b07b8b5a0dfe6eec203177b1d233854dc388df2e8e1a9a4a1015970361bbab3da9
SSDEEP: 6144:CBWe6cGpZnUnmn5At1NqTpDQ2pEe9TKaBbX2pOSP2izvrl8TE3zvXYJjrP:C5GpxoDay8KYS3zpTGjr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e78b820f1583407109f0e89cba5729f4_JaffaCakes118
Files
e78b820f1583407109f0e89cba5729f4_JaffaCakes118.exe windows:4 windows x86 arch:x86
7e8dcd1cd3f502a24a9e0e362e0d86b9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
VirtualFree
HeapAlloc
VirtualQuery
VirtualAlloc
SetLastError
QueryPerformanceCounter
TlsAlloc
EnumSystemLanguageGroupsW
GetCurrentProcessId
HeapDestroy
IsBadWritePtr
GetSystemTimeAsFileTime
GetWriteWatch
HeapCreate
HeapReAlloc
TlsFree
user32
LoadStringA
SetWindowTextA
GetWindow
CreateWindowExA
DestroyIcon
GetDlgItem
LoadImageA
GetParent
oleacc
CreateStdAccessibleObject
AccessibleChildren
winmm
mciSendCommandA
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
shlwapi
PathAddBackslashW
Sections
.text Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ