414b7771b052785799504011c0fd2efe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

414b7771b052785799504011c0fd2efe_JaffaCakes118
Size

334KB
MD5

414b7771b052785799504011c0fd2efe
SHA1

03045ae1087f614cf032c7b7371ea6f334288f4d
SHA256

641bb95764a2c0fdc6ede60845259334b9475c2db2f711b9e7fd4bc7aedb71d4
SHA512

607c53185d00766bd6522a9f20170d22bd92a3c81a37b723a1ab4e2efac4d866517f53a2d369ffdbc9a049b8122b9da16e432d25fc9d0b3c7da5a5b9d4778d27
SSDEEP

3072:7+Q82fF4hmbHBYbN+y84MSftQQRTW+ZsOYX423iIPuSyqGwiRc2+ZBqFZdYirt80:684h47TmllRq+Z1pS7oRx0Bw+JsZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
414b7771b052785799504011c0fd2efe_JaffaCakes118

Files

414b7771b052785799504011c0fd2efe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

51fe833d16fc5047a9f13a46a3bcdb0b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFolderPathA
DragQueryFileA

kernel32

VirtualFree
ExitProcess
VirtualAllocEx
LoadLibraryA
SizeofResource
GetOEMCP
VirtualAlloc

user32

IsCharUpperA
GetMenu
DrawAnimatedRects
IsCharLowerA
GetDC

comctl32

ImageList_Add
ImageList_Write
ImageList_GetBkColor
ImageList_DragShowNolock
ImageList_Remove
ImageList_Destroy
ImageList_Draw
ImageList_Create
ImageList_Read

Exports

Exports

XiwjkB

Sections

CODE
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Epdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 843B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecdata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ