eb35e8cf160c1fb3a3f5ab0ed9473e96_JaffaCakes118 | Triage

Sharing

General

Target

eb35e8cf160c1fb3a3f5ab0ed9473e96_JaffaCakes118
Size

32KB
MD5

eb35e8cf160c1fb3a3f5ab0ed9473e96
SHA1

5446e787efd4491d838b329687b7f21dc7475ca1
SHA256

f18ad82fb7e567687ec1738c9a369470675a9968a2277afb86dbf664aa288bf1
SHA512

1cb816e451062caaa63385b919a31ca31a7367b803e9e2750c17e81105e734fe21c99b09f867bc7f3dcc7f45e696ad61995f786607d48cd42fe3501d5e722b2a
SSDEEP

384:KypbG5IFgdWZn9nD2ma0lMVMA/3t40+MeCyEUpkqs6TOT0G+4kvz:x1G5IK+D2QVA/KpzCyEUp3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb35e8cf160c1fb3a3f5ab0ed9473e96_JaffaCakes118

Files

eb35e8cf160c1fb3a3f5ab0ed9473e96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

736e4b11609312d942e41f12f92c2bd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualAlloc
GetLocaleInfoA
VirtualProtect
MapViewOfFile
GetACP
CloseHandle
UnmapViewOfFile
CreateProcessA
CreateFileA
IsDBCSLeadByte
GetLastError
CreateFileMappingA
VirtualFree
SetEnvironmentVariableA
DuplicateHandle
GetWindowsDirectoryA
IsValidCodePage
lstrcpyA
InterlockedIncrement
GetEnvironmentVariableA
GetUserDefaultLCID
GetVersionExA
VirtualQuery
ExitProcess
LocalFree
FormatMessageA
ReadFile
GetModuleHandleA

user32

EnableWindow
CreateWindowExA
GetDlgItem
MessageBoxA
wsprintfA

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ