Static task: static1
Behavioral task: behavioral1
  Sample: 15f4986078957674ade8aa5a93317265_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 15f4986078957674ade8aa5a93317265_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 15f4986078957674ade8aa5a93317265_JaffaCakes118
Size: 772KB
MD5: 15f4986078957674ade8aa5a93317265
SHA1: 81a075664c4a7769f48f8da16b41ca2b704a7bcc
SHA256: 469c3800d15db56d5334f2c5da9dfd2167df97122f3de58e06b41796103badef
SHA512: 0509e531974ca91c2a90a3241528f0fc6c17070eb4526ebfad2dde14eafdf4cfd7033d26c1be287ed56b8b0c73969adb8652a932c5f1650acc031d89bf06fc0c
SSDEEP: 24576:6A0+wEqov8AoYQ48fB5Ho5OlljBDZPM0KXiyynTI:OEqowjBho5GRNMNM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15f4986078957674ade8aa5a93317265_JaffaCakes118
Files
15f4986078957674ade8aa5a93317265_JaffaCakes118.exe windows:4 windows x86 arch:x86
7f0874115d6232d5da15e05ac252c1e6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineW
GetCPInfoExA
IsBadStringPtrA
GetConsoleAliasesA
Process32NextW
FindNextChangeNotification
user32
NotifyWinEvent
LookupIconIdFromDirectoryEx
GetThreadDesktop
InvalidateRgn
GetWindowThreadProcessId
GetMenuStringA
ShowCursor
shell32
InternalExtractIconListA
SHHelpShortcuts_RunDLLW
ShellHookProc
SHFreeNameMappings
SHGetPathFromIDList
SHFreeNameMappings
StrNCmpIW
SHGetSpecialFolderPathW
SHFileOperationW
Sections
.text Size: 16KB - Virtual size: 9.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 696KB - Virtual size: 695KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pack32 Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE