0e1185001a841ff80aff8c5eef507fa0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e1185001a841ff80aff8c5eef507fa0_JaffaCakes118
Size

140KB
MD5

0e1185001a841ff80aff8c5eef507fa0
SHA1

5c06bd7a84c29a3bd5fac4cfb0bc4936ea1f5c62
SHA256

51870a394c66a5cbadba162b9184363bec3d16131134b8f2674067aaf219a914
SHA512

1ba742d32c03599675276c0a47ba29e12b42dce74aff6c622189ff16686f6aa91529a7736b1904b71b732165a12a6e073838700346b819980c1b5effbe29979f
SSDEEP

3072:z9ix+xlt5buD+YBMoQvB3J4Vlu195WaO9nKctt+ZdbEdfiXVihpAcbZ5q:Q+xlt5bu6YBMoQ9JIuMBt3dKlitZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e1185001a841ff80aff8c5eef507fa0_JaffaCakes118

Files

0e1185001a841ff80aff8c5eef507fa0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

112c887a78d960f87c781d691367f0f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

user32

LoadIconA
LoadStringW
GetSystemMetrics
LoadImageA
MessageBoxW
CharNextA
DestroyWindow
UnregisterClassA
CharNextW

kernel32

GetSystemTimeAsFileTime
InterlockedCompareExchange
TerminateProcess
SetLastError
FindResourceA
EnterCriticalSection
lstrlenA
QueryPerformanceCounter
SetFilePointer
Sleep
lstrlenW
GetCurrentProcessId
lstrcmpiA
GetModuleFileNameA
EnumResourceNamesW
GetEnvironmentVariableA
RaiseException
GetLastError
GetModuleHandleA
LockResource
ExitProcess
LocalAlloc
GetTickCount
SizeofResource
LeaveCriticalSection
MultiByteToWideChar
FindResourceExA
GetCurrentThreadId
InterlockedExchange
GetVersionExA
GetStartupInfoA
CreateProcessA
LoadResource
WideCharToMultiByte
GetCurrentProcess

clusapi

CloseCluster

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ