3694f14d097a7a87de6b53ad349e6680_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3694f14d097a7a87de6b53ad349e6680_JaffaCakes118
Size

36KB
MD5

3694f14d097a7a87de6b53ad349e6680
SHA1

b2c8e954088878323e8f9d54eb3f7426169338c6
SHA256

95ae098f0e542321756510951389da9876b6da82c35fb76b906ecb0203aa762e
SHA512

9ea910ab97c8f5170b070bd9cb314bfec6a02af7326c655f806166f1127e5a3c0788007c6b465f55776de908d616cd15366c7dbdf433ad8767820054de31b683
SSDEEP

384:zMoQdKfUUu5vD918tzufWH+FjnTyO0J7Z+6hQ/hiZevsXN:odKevvLfjsXaOQgZeC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3694f14d097a7a87de6b53ad349e6680_JaffaCakes118

Files

3694f14d097a7a87de6b53ad349e6680_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ed7dd473ec9f675bbb5722113dd5119e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetSystemInfo
GetVersionExA
CloseHandle
WriteFile
MoveFileA
GetModuleFileNameA
GetCurrentDirectoryA
FreeLibrary
FreeResource
SizeofResource
LoadResource
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
Sleep
CreateFileA
ExitProcess

user32

SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
GetInputState
PostThreadMessageA
GetMessageA
wsprintfA
FindWindowA
PostMessageA
OpenWindowStationA

shell32

ShellExecuteA

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_strrev
_adjust_fdiv
_controlfp
__setusermatherr
_initterm
strcpy
memset
strlen
sprintf
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ