61ed430023360540e9c4e00dcc4d3f30_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61ed430023360540e9c4e00dcc4d3f30_JaffaCakes118
Size

133KB
MD5

61ed430023360540e9c4e00dcc4d3f30
SHA1

2850b2be9f0f3972eb25ef7365d8e644f4205ff2
SHA256

9b5c2af26de75c8fddf00e299134416c261d3fd1e2011121624c229367da4fe6
SHA512

78f900f43e2c3611c80aca9341270882f480de622ca74afbc08821b3235e44363edfdd73c86b13f8915e1ea54084a49fe127e3e1a3fffa0e61987c2862b3d37b
SSDEEP

3072:K83QcWec0YdApQcHSqGqOl0wDKU1nqyw6TUvo5Z864F0Kev9tz:K8gcWekGCMFyyUFXnwoj0LAL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61ed430023360540e9c4e00dcc4d3f30_JaffaCakes118

Files

61ed430023360540e9c4e00dcc4d3f30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e095b0a65811ad3e483099555dc27f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCPInfo
GetDriveTypeA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
LoadLibraryA
RtlUnwind
TlsGetValue
VirtualAlloc
VirtualFree

user32

CreatePopupMenu
EnableMenuItem
GetDesktopWindow
GetForegroundWindow
GetWindowPlacement
PostMessageA
SendMessageA
SetForegroundWindow
wsprintfA

gdi32

CreateBrushIndirect
CreateCompatibleDC
CreateDIBitmap
ExtTextOutA
GetPixel
GetTextMetricsA
MaskBlt
MoveToEx
PlayEnhMetaFile
SetStretchBltMode
UnrealizeObject

shell32

FindExecutableW
SHAppBarMessage
SHFileOperationA
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ