fa14df13116113bd300ec53f67cb1775_JaffaCakes118 | Triage

Sharing

General

Target

fa14df13116113bd300ec53f67cb1775_JaffaCakes118
Size

26KB
MD5

fa14df13116113bd300ec53f67cb1775
SHA1

fc0b291f7e8b59db79bd5bb0611f7044b911d255
SHA256

e4a6a7e843375d4cfee63bf4090e7b6ed175f4c73aafaf18dfbc57e432609a9e
SHA512

4dec2e3ea28d914b3064604e561e50b85ac651af5c39b0cdf88ac90ff480a2aa29ebc1380bc9def5315673241f94a91907a26b5acedad1574305671af93820e5
SSDEEP

384:HqxjUqG9xA0lSxLAkotjTHA5nvDAzCmS0lKMHJkuBzB3w7QAqg62M7GeGX:EDGhSxLA1xTUsCAplB3qQ6M7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa14df13116113bd300ec53f67cb1775_JaffaCakes118

Files

fa14df13116113bd300ec53f67cb1775_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96b2e968c8d942b1c476ffc19880a760

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strlen
_strlwr
strcpy
strcat
strcmp

kernel32

HeapAlloc
GetCommandLineA
GetTempPathA
FindResourceA
LoadResource
LockResource
DeleteFileA
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetTickCount
GetProcessHeap

user32

LoadStringA
wsprintfA
GetForegroundWindow
MessageBoxA

shlwapi

StrToIntA

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ