06f98dca2d5a279fe63db4d8b542ec26_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06f98dca2d5a279fe63db4d8b542ec26_JaffaCakes118
Size

53KB
MD5

06f98dca2d5a279fe63db4d8b542ec26
SHA1

0ad15692cded312028c6b8070cb6313a068b052d
SHA256

de464e29457913fff72809551193d66b424912c2fabad05acd2f0cf3eda98a4f
SHA512

021fa40bf6e8a36bdaa1b66f87af3a09b0367977c9a3447629fa2dfcdb443a6764d16bd77d33d140dfca2793dd199b2992674e5cb82fe8f062b28d1c90d88fdd
SSDEEP

768:e3pdpoO1UTFSRM5Q/6ANtB36bw2iYLTyymErEJY+YZGPWouJK:oJo5kREQ/tJ36bw2iSjrEG+GlJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06f98dca2d5a279fe63db4d8b542ec26_JaffaCakes118

Files

06f98dca2d5a279fe63db4d8b542ec26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd4688cb2aa0a34dc9a9c1a224973834

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
Process32Next
lstrcmpA
CloseHandle
Process32First
CreateToolhelp32Snapshot
GlobalFree
WriteFile
CreateFileA
lstrcatA
lstrcpyA
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
ReadFile
GetFileSize
GetProcAddress
GetEnvironmentVariableA
WinExec
GetPrivateProfileStringA

user32

DefWindowProcA
ShowWindow
PostQuitMessage
DestroyWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
SendMessageA
FindWindowA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ