4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118 | Triage

Sharing

General

Target

4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118
Size

748KB
MD5

4294baed4d87a403f7bf3f53c6182e78
SHA1

ddf486580003876f9e90757f2ed1623dcacfec92
SHA256

9c8abb5b660c47f61385ec672e2e1711618ee824026538c58a15cc4ba6f341bc
SHA512

9786175239c50d6083b212a5f21e4206b3814b4461da477f313bf34cd74ec529b617ff0c9f689796b9e4d2b12024eae506adbfa40812afd488c7875240a8e3b3
SSDEEP

12288:3OacOUtaZsbYjYUwDKR17tjTmMDaKAdp63d4HgJVGEQjO5hDkX/vqJzh:GOvZsVyjTmMDvA36rGghDkvyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118

Files

4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f75bf4e636223a5617c9014df10f1915

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
WriteFile
CreateFileA
ReadFile
GetFileSize
CopyFileA
GetModuleFileNameA
GetFullPathNameA
Sleep
GetTempFileNameA
GetTempPathA
ExitProcess
GetModuleHandleA
lstrlenA
CreateDirectoryA
HeapFree
GetProcessHeap
CloseHandle
CreateProcessA
WaitForSingleObject
lstrcpyA
lstrcatA
DeleteFileA
SetFilePointer
HeapAlloc

user32

CheckDlgButton
wsprintfA
GetDlgItem
GetWindowRect
GetSystemMetrics
MoveWindow
SetFocus
SetDlgItemTextA
DialogBoxParamA
EndDialog
IsDlgButtonChecked
GetDlgItemTextA
MessageBoxA
ShowWindow

gdi32

TextOutA
SelectObject
CreateFontIndirectA
SetTextColor
CreateSolidBrush
DeleteObject
SetTextAlign

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

lz32

LZOpenFileA
LZCopy
LZClose

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ