ea8da48b895dad0fa78dbe9bd64fc21b_JaffaCakes118 | Triage

Sharing

General

Target

ea8da48b895dad0fa78dbe9bd64fc21b_JaffaCakes118
Size

716KB
MD5

ea8da48b895dad0fa78dbe9bd64fc21b
SHA1

9fb14eefdbe1503497e9023f6ed88fc29cb748de
SHA256

720180833f7a1d4afe038f56dc95c39a4bdbd52e8fa7604053d6a5f3f566a21b
SHA512

3f708a89c5ab220dbc88dbdbb71433c381bf830b8f3bb9b7c090e93b59f563196dd031c8a6135911cf37ae984e0e9c0e546d8785e59a5f0b877aa881653c8823
SSDEEP

12288:vUqxSEDT5n4GhQn8LnzB4XG0wBtuycNTpvWLQ8c9GwtW8rsxyC3fpQ:bkyTyxnSN4XG00tsL+LQ8cswQwsYC3hQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea8da48b895dad0fa78dbe9bd64fc21b_JaffaCakes118

Files

ea8da48b895dad0fa78dbe9bd64fc21b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7f166c53f932c8a22425fd1a009c23de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
VirtualProtect
WaitForSingleObject
TlsFree
FindAtomA
GetConsoleCP
GetVersion
GetAtomNameA
GetModuleHandleA
GetACP
SetEvent
CompareFileTime
GlobalUnlock
lstrlenA
InterlockedExchange
HeapWalk
GetProfileIntA
CloseHandle
GetTickCount
LoadLibraryW
HeapReAlloc

user32

PostQuitMessage
SetPropA
InflateRect
InsertMenuA
EqualRect
DispatchMessageA
SetSysColors
TranslateMessage
GetMenuStringA
ShowWindow
GetScrollRange
DestroyMenu
GetWindowLongA
GetParent
GetKeyboardLayout
ScrollDC
MessageBoxA
EnableScrollBar
DialogBoxParamA
CopyRect
PostMessageA
GetDlgItem
LoadIconA
GetMenu
UpdateWindow
SetWindowPos
ModifyMenuA
GetSubMenu
GetWindowTextA

msi

MsiDoActionA
MsiEnumClientsA
MsiGetMode
MsiEnumProductsA
MsiCloseHandle

apphelp

ApphelpCheckExe

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ