191a5c47f8f76df0f4b8b19268289959_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

191a5c47f8f76df0f4b8b19268289959_JaffaCakes118
Size

20KB
MD5

191a5c47f8f76df0f4b8b19268289959
SHA1

cff63334f37d36dfa130cf3607428d74c43a79a5
SHA256

549017969716d09daa4abd6733479b4cf6a94c8cc5a3f6c9febdfda555683858
SHA512

9825508788e9327d439c615a6d22e6e3e17565f9772dcbf9e0cf0d379f2c3a1c8ebc16c1ec6f53dab22cbdc5679683bbca9d87760f96e9e10e5e05cccf445b93
SSDEEP

384:dP4aJwsuBQQrc3CdHROAWrcmyvelTBfFYNrDd0bmmZiJHs7P:dTCFr2QxjWrGaTBCrDSbmLUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
191a5c47f8f76df0f4b8b19268289959_JaffaCakes118

Files

191a5c47f8f76df0f4b8b19268289959_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b0dd2d31fd68e620326b737a47308a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA

kernel32

IsDebuggerPresent
GetCurrentProcess
RtlUnwind
IsBadWritePtr
lstrcmpiA
GetLastError
CreateDirectoryA
ExitProcess
LocalFree
FormatMessageA
ReadFile
CreateFileA
VirtualAlloc
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

user32

ShowWindow
UnregisterClassA
SendMessageA
CreateWindowExA
EndDialog
SetFocus
PeekMessageA
IsWindow
IsWindowEnabled
IsWindowVisible
GetWindow
GetActiveWindow
SetWindowTextA
MessageBoxA
wsprintfA
DispatchMessageA
PostMessageA
GetParent
GetDesktopWindow
PostQuitMessage

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ