4d6ff9c82ee4ddeff6282e4a9824df0b_JaffaCakes118 | Triage

Sharing

General

Target

4d6ff9c82ee4ddeff6282e4a9824df0b_JaffaCakes118
Size

69KB
MD5

4d6ff9c82ee4ddeff6282e4a9824df0b
SHA1

345d31d674418f9d211ff4b30f0cc2434e50962c
SHA256

b55e1f35f770cb9fc2ed88e2a671d53679148d8331afe88a419686df5e34b8c7
SHA512

879c75d942dfe7bfa32d8d707a281eb26ea1d8f4d9d2f2d41d57f281850c5cbeeaa25c46e26a8bbc5328697954218c0b9ae58d736fd84d833052b8b1c73e0f52
SSDEEP

1536:qzV52vrmOMFjLnJU8JARFaqEoTCXUyojyXm7bb:gVUjFMdLnq8JOckyB2Xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d6ff9c82ee4ddeff6282e4a9824df0b_JaffaCakes118

Files

4d6ff9c82ee4ddeff6282e4a9824df0b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a237d54994c971e6d99f7207823930cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
ExitProcess
GetFileTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
LoadLibraryA
OpenProcess
ResetEvent
VirtualAlloc
VirtualFree
WaitForMultipleObjects

user32

CallWindowProcA
ClientToScreen
EnableWindow
GetKeyState
GetSystemMetrics
GetWindowRect
InvalidateRect
IsWindow
IsWindowVisible
LoadIconA
PostMessageA
UnregisterClassA

gdi32

DeleteDC
DeleteObject
GetCurrentPositionEx
GetTextMetricsA
MaskBlt
MoveToEx
Rectangle
SetDIBColorTable
SetWindowOrgEx

shell32

CommandLineToArgvW
DragAcceptFiles
ExtractIconExA
ExtractIconW
FindExecutableW
SHAppBarMessage
SHBrowseForFolder
SHCreateDirectoryExW
SHFileOperationW
SHGetFileInfo
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteW

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ