04ea49f88fc74d70f6a817d91216e2d6_JaffaCakes118 | Triage

Sharing

General

Target

04ea49f88fc74d70f6a817d91216e2d6_JaffaCakes118
Size

274KB
MD5

04ea49f88fc74d70f6a817d91216e2d6
SHA1

c84c9562b917256c14b3b36bf1289bf404d94ae6
SHA256

f0f09d0ff205538b5b48996ee26d4acec06dc341760683d688f3abeb9e00b2f2
SHA512

e8a7323c7f22b89f97b49f774eaad50cb1268c2c250544ddbb8a01d743ff2f9d18d6278cf3be6a06335aeecf08164a6e43ea0c496594c91d0d599e6328a0aa27
SSDEEP

6144:wErAC195H7IHjOp+lx71fksWQSa9zbsvVXMcLX52KHOGuRA:P/5bIHjOpIbf5WQSoeTLXoGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ea49f88fc74d70f6a817d91216e2d6_JaffaCakes118

Files

04ea49f88fc74d70f6a817d91216e2d6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fa791dd5c9717aef8758c43ee5fb898f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetSystemTime
lstrcpyW
GetLocalTime
GetSystemInfo
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyA
GetProcAddress
GetModuleHandleA
GetSystemDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
lstrcatA
lstrcmpA
Sleep
lstrlenA
GetTickCount
SetLastError
GetEnvironmentStrings
SleepEx
VirtualProtect

shlwapi

StrToIntA
StrChrIA
StrStrIA
wnsprintfA
StrStrA
StrChrA

user32

MessageBoxA
wsprintfA
CharUpperA
GetDlgItemTextA
SetDlgItemTextA
CharLowerA
GetDlgItemInt
SetFocus
GetDlgItem
EnableWindow
SetDlgItemInt
ShowCursor
EndDialog
CheckDlgButton

ntdll

NtQueryEvent
NtOpenDirectoryObject

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ