e91c5a36999fb79dc8daafe2c5737c0d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e91c5a36999fb79dc8daafe2c5737c0d_JaffaCakes118
Size

64KB
MD5

e91c5a36999fb79dc8daafe2c5737c0d
SHA1

046576c9c436b8863bbd564a2f1bd55ee11e4c3d
SHA256

9b24565f8a7e1b1cca9770ffc9ec75a71e309c636ce369df61c74c27f665ecac
SHA512

f220aa328d0ce84a383c5c392b0c69f15b6b7f7ae90e08f13246ab21331f2bf2e0310dfd1b5a461041a4a787e1f12fba4fb2268e76a686293343e43ead2b2960
SSDEEP

768:MDdcvSJATA0ScLZIW+iZ962ToDv6eDuHcvqNnQz9d4mwkh8zs:MLf0S2L96Fv6exvgu0mHas

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e91c5a36999fb79dc8daafe2c5737c0d_JaffaCakes118

Files

e91c5a36999fb79dc8daafe2c5737c0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00b85de8d2edf398268119d24e5f66a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
WinExec
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetTickCount
GetCurrentDirectoryA
FreeResource
SizeofResource
CreateDirectoryA
LockResource
LoadResource
FindResourceA
Sleep
DeleteFileA
GetSystemDirectoryA

user32

FindWindowA
PostMessageA

shell32

ShellExecuteA

msvcrt

rename
strrchr
sprintf

Sections

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ