226f0df43f06a8ecd190aebad8f2403e_JaffaCakes118 | Triage

Sharing

General

Target

226f0df43f06a8ecd190aebad8f2403e_JaffaCakes118
Size

21KB
MD5

226f0df43f06a8ecd190aebad8f2403e
SHA1

f429479607f0e96fb6d7bd1df307cffa303d96d1
SHA256

2f61d2f576ecba62c4c88296773a0e1fc286d5c98838048c739e0d56be6678b8
SHA512

75162b48a0dc122ec14937bf8e8341507ce75b864274a05e98bde9fa387070d358802e33b3b3eae7326995f0f41493716ab9d6897df87ec889485dc2023836ad
SSDEEP

384:ZA1/mzmAV35y92RgqXCX4iPtOHY588NzyAuqa5C+VtP:ZSOzWkSVlOHY5881zuqelVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
226f0df43f06a8ecd190aebad8f2403e_JaffaCakes118

Files

226f0df43f06a8ecd190aebad8f2403e_JaffaCakes118
.exe windows:1 windows x86 arch:x86

1cc5822f27444410f9d7360d2fb9d7a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
WritePrivateProfileStringA
CopyFileExA
GetConsoleAliasesLengthA
UpdateResourceA
RemoveDirectoryA
WriteConsoleW
SetEnvironmentVariableA
ReadConsoleInputA
CreateFileA
WriteProfileStringW
UpdateResourceA

user32

GetUserObjectInformationA
SendDlgItemMessageA
DdeQueryStringA
RegisterWindowMessageA
GetTabbedTextExtentA
CreateWindowStationA
GetWindowTextA
OpenDesktopA
SetWindowsHookExA

gdi32

AddFontResourceExW
GetCharWidthFloatA
EnumFontFamiliesExA
CopyMetaFileW
GetGlyphIndicesA

Sections

.code
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.��
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ