ec526d1560c85f96933340be80c57368_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec526d1560c85f96933340be80c57368_JaffaCakes118
Size

33KB
MD5

ec526d1560c85f96933340be80c57368
SHA1

eff41372b3fa9220bd1b87701f909f9925c2546a
SHA256

31bc865943afb3fbe34a5e94feb7c6369b1e6270daf56fc3f885b59517e38e15
SHA512

5fcc36741f346073da470884f3d3f7d589430aa85baa8af0bba9dee8795f560fc1a10182d634491af82142468307055074f3dc731b85c22d4ab881cf1244bcc8
SSDEEP

96:6PRuH2FD4ol5piYylKD80O+EAaVrMYONfeZEWVArvU3mONfeZEWV4+xF9p:65uHe4kziYN5PyVMNeTL3TNeT4+vD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec526d1560c85f96933340be80c57368_JaffaCakes118

Files

ec526d1560c85f96933340be80c57368_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3fc6d984153cc5d056693dd55ac073d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
TlsGetValue
FreeConsole
LoadLibraryExA
FindClose
GetModuleHandleA
Sleep
GetDriveTypeW
EnumResourceTypesA
DeleteCriticalSection
VirtualProtect
PulseEvent
CloseHandle
LocalFree
GetDiskFreeSpaceExW
SetLastError
GetDateFormatA
GetCommandLineA
IsBadCodePtr
IsBadReadPtr

shell32

DragFinish
DuplicateIcon
DragQueryFileA
SHGetSettings
SHFree
DragAcceptFiles
ShellMessageBoxA
SHGetDiskFreeSpaceA
ShellAboutA
StrChrA
SHGetMalloc
DllUnregisterServer
ExtractIconA

msasn1

ASN1BERDecCheck
ASN1BERDecBool
ASN1BERDecFlush
ASN1BERDecEoid
ASN1BERDecDouble

advapi32

RegCloseKey

Sections

.text
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ