1727d6413a36d090877929d1c51adeb9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1727d6413a36d090877929d1c51adeb9_JaffaCakes118
Size

26KB
MD5

1727d6413a36d090877929d1c51adeb9
SHA1

ee5e0dd262e95e86bd30ff4194ae563c54d2b554
SHA256

30d65b40c8cbdf8e764949f0b30dc15b4eb012dc62e38af6d2e287d7f5850d6b
SHA512

704f57560f80f2104c4cd385cc9437e66ea37661133d826a97887331f226d657ad65c8b577d17bb4736d4d72a910e8354dcb9de7aae87132e02f4289a41237c7
SSDEEP

768:SWiPUoiGbLBmwavoBEJ66Dsp1qUjP/H2RFLPO:SWiPVDLbwCg6Ssqr9PO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1727d6413a36d090877929d1c51adeb9_JaffaCakes118

Files

1727d6413a36d090877929d1c51adeb9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

12d34a2632651dd940bd6790a4432112

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA

kernel32

CloseHandle
SetUnhandledExceptionFilter
HeapDestroy
DeleteFileA
LocalFree
HeapCreate
GetCurrentThreadId
CreateMutexA
GetACP
GetProcessHeap
GetLastError
OpenMutexA
HeapAlloc
DisableThreadLibraryCalls
HeapSize
GetUserDefaultLCID
LocalAlloc
IsDBCSLeadByte
GetEnvironmentStrings
HeapReAlloc
SetErrorMode
GetDriveTypeA
IsDebuggerPresent
FreeEnvironmentStringsA
ReleaseMutex
IsValidCodePage
ExitProcess
FormatMessageA
ReadFile
CreateFileA
VirtualAlloc
GetModuleHandleA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

GetSystemMetrics
GetMessageA
TranslateMessage
wsprintfA
MessageBoxA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ