Static task: static1
Behavioral task: behavioral1
Sample: s.exe
Resource: win7-20240704-en
General
Target: 634e5cf968d47b3501ab84a64d0beea5_JaffaCakes118
Size: 173KB
MD5: 634e5cf968d47b3501ab84a64d0beea5
SHA1: 91fd1b2a56dedb2ca96641522923c3455218672c
SHA256: e7ec45bdb7abbfd1fb42ac39fbd188e196258ce9880cc81fb819d3bd2ec97c03
SHA512: 5704a67959a0680cdce2d73a1451f8fae427a3f3a836e26ee2632ea2b3a52ac82798da9df9a5e198f3f242b61fca0f962dc2dd252bbf228e9f78ef33ede60a06
SSDEEP: 3072:v7z7MLcHVmoGY5koSJ6neuk0ULQCyEep4NcWaflc18DrQo84FlSj1Hm4NGHmA34f:vz8WiQkoNegBCyEescWS48DkBW4HHJf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/s.exe
Files
634e5cf968d47b3501ab84a64d0beea5_JaffaCakes118.rar
s.exe.exe windows:4 windows x86 arch:x86
7349ebea55c309b49931d42b83986f31
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileA
VirtualFree
LoadLibraryA
GetExitCodeProcess
VirtualAlloc
VirtualProtect
GetProcAddress
GetModuleHandleA
VirtualQuery
GetExitCodeThread
HeapAlloc
ResetEvent
VirtualAllocEx
GetLastError
HeapReAlloc
LocalLock
VirtualLock
ReleaseMutex
GetProcessHeap
SuspendThread
WaitForSingleObject
user32
SendMessageA
ReleaseDC
IsWindowVisible
OpenIcon
LoadAcceleratorsA
LoadCursorA
GetDesktopWindow
GetDC
SetTimer
GetCursorPos
gdi32
CreateDIBPatternBrush
GetPixel
psapi
GetModuleInformation
msvfw32
DrawDibOpen
DrawDibClose
DrawDibEnd
ICRemove
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ