eb16b0b81d00e6d2f3d05b39a5ed1a27_JaffaCakes118 | Triage

Sharing

General

Target

eb16b0b81d00e6d2f3d05b39a5ed1a27_JaffaCakes118
Size

190KB
MD5

eb16b0b81d00e6d2f3d05b39a5ed1a27
SHA1

ab98491186aed47fa7ac3e7354e7e7c7259c91ac
SHA256

5eb299239339bec0c654c7fad948d8532922495c8dce46723f28d996fb3b301f
SHA512

7f4da7029ea9afdce0e9cfb96e3ecfa86ca84d10d1790f5f09e366eebc96cc88b4ff6fc80b73564a81dbee2060701af26ea57455b4d9fa4a48e070947d01daf0
SSDEEP

3072:+HkPE7UlH0QwiW9BiSNPvPYsiN/owsu9o2w+123kAA0sjplbPgz:+iqQwBCSl0S2w+7AAHi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb16b0b81d00e6d2f3d05b39a5ed1a27_JaffaCakes118

Files

eb16b0b81d00e6d2f3d05b39a5ed1a27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8c9fccb49eac0d4caa1911b6669db1db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

oleacc

CreateStdAccessibleObject

shlwapi

StrRetToBSTR
PathAppendW
PathIsRelativeW
StrCmpIW
PathFindExtensionW
PathCombineW

kernel32

GlobalFindAtomA
ResetEvent
Sleep
CloseHandle
CreateThread
GetComputerNameA
VirtualQuery
GetVersion
SetLastError
EnterCriticalSection
GetSystemDirectoryA
DeleteCriticalSection
GetWindowsDirectoryA
InitializeCriticalSection
FlushInstructionCache
SetEvent
EnumResourceLanguagesW
GetLocaleInfoA
CreateSemaphoreA
LeaveCriticalSection
QueryPerformanceCounter
GetPrivateProfileStructW
CreateEventA
GetDiskFreeSpaceA
GetModuleHandleA
InterlockedExchange
CompareStringA

Sections

.text
Size: 103KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ