1c91933907d95330acf15859143acbbf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c91933907d95330acf15859143acbbf_JaffaCakes118
Size

173KB
MD5

1c91933907d95330acf15859143acbbf
SHA1

c337942296c2fe28f9295eb08c0e04e008c66b92
SHA256

1c893bc1d889617d4b20efe6ecfe1cf0dc6c6edbcf025e0bf24563cb1c58c2e6
SHA512

0a0730b77e437509979976987e8a755fe45fcaddac33ec22b60513de609e2a0bafe8a13fc299d1414ce724224d11dacadbaa33444c633217191341617fc7c318
SSDEEP

3072:7ECDiFKA9c58ALFdplrk6MSgP36RvrgRdP1GScEg6JZcG7uIclXw3:TDyN907HPMSgP6VMRdfPcG7Wlg3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c91933907d95330acf15859143acbbf_JaffaCakes118

Files

1c91933907d95330acf15859143acbbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2569360ee93da4ab2f47db847f056d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

winspool.drv

DocumentPropertiesW

user32

GetAncestor
CreateWindowExW
MessageBoxW
GetDC
LoadCursorW
GetWindowInfo
RegisterClassExW
EndDialog

kernel32

lstrcpynW
GetStartupInfoA
CheckRemoteDebuggerPresent
TlsAlloc
EnumResourceTypesW
InitializeCriticalSection
TlsGetValue
TlsFree
TlsSetValue
GetFileType

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ