61dcb5d06de4bfa1182e6bc523e11ba1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61dcb5d06de4bfa1182e6bc523e11ba1_JaffaCakes118
Size

296KB
MD5

61dcb5d06de4bfa1182e6bc523e11ba1
SHA1

8ab104d761b9165aeb3803a11a9e89485a06a833
SHA256

c90b0a76ba9013950139195863124cc010340f086560e3472218ce478a154f9b
SHA512

788bf837638c6094516de441d7b9ef1cca9107f371ff140624178a7f2f7078b9904467d447ebb65bdfbb4e56d642e6b545b9167d0546e7da0819797107d487cb
SSDEEP

6144:93wfzhBab1LOelUZZ6FJJpE7P61RCsdd:psh7ZAzJicc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61dcb5d06de4bfa1182e6bc523e11ba1_JaffaCakes118

Files

61dcb5d06de4bfa1182e6bc523e11ba1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38390d1539d8b8f4de9d02b7fe696b52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetKeyboardLayout

shlwapi

StrStrA

kernel32

GetProcAddress
lstrcpyA
lstrcatA
WriteFile
Sleep
SizeofResource
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetVersion
LoadLibraryA
LoadResource
LockResource

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE