ecc80d1cd5538a801fb28ffe99f1dc42_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ecc80d1cd5538a801fb28ffe99f1dc42_JaffaCakes118
Size

18KB
MD5

ecc80d1cd5538a801fb28ffe99f1dc42
SHA1

189ac212fee6aa5d6e84f746027e958eb1662466
SHA256

ed89707c8a636b5afbb44b2ce9f2f59d74099f43f8c0529f9dd6a638c17fae58
SHA512

56d815d1d308ea932852fbe916c0d5e127950c8dab52ac7b860253f8bf2714f99f7eb14c90b46040cadbb2cb3fd258bb6ceddf0a7b353b7614f6be6d1c1654cf
SSDEEP

384:DTsdlNLZYaj0kkTNLCjvKMKsVHHcriyDK8e6lXEX2TtW3k:/kNSaALZOXKsRcriym81lXEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecc80d1cd5538a801fb28ffe99f1dc42_JaffaCakes118

Files

ecc80d1cd5538a801fb28ffe99f1dc42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc06a9bb1df45e7284fa0ec5e1b4f500

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
CloseHandle
lstrcatA
WaitForSingleObject
DeleteFileA
CreateEventA
WriteFile
SetFilePointer
CreateFileA
lstrlenA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
RtlUnwind
ExitProcess
HeapReAlloc
lstrcpyA
GetModuleHandleA
GetTempPathA
GetFileAttributesA
PulseEvent
SetEvent
CreateThread
GetVersionExA
ReadFile
ExitThread
HeapFree
lstrcmpA
FreeLibrary

user32

wsprintfA
DestroyWindow
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
CreateWindowExA
CharToOemA
GetParent
DispatchMessageA

advapi32

RegOpenKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetFolderPathA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ