635b41be876f007b721da636f87ee374_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

635b41be876f007b721da636f87ee374_JaffaCakes118
Size

55KB
MD5

635b41be876f007b721da636f87ee374
SHA1

868db6d5ce4e60341cd8292e4a50ba2e5949ded0
SHA256

9e279fc043ff6516ffce62fe23a90d2f07f9b7baff3133db47d3a1adc4cffb9d
SHA512

f240d87fcce43fe8a5932f5e4b54d95083b05dd57498d6955653d4c1148c463263ada5b7c5d4087ab387808df412b80101692722a12cee9ff2169b14a5112fe6
SSDEEP

1536:U0acAtm1uGvmGWRQN1/VUg0vl5Rq42rwUpDluzy:UtcSeRN1+l5/22O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
635b41be876f007b721da636f87ee374_JaffaCakes118

Files

635b41be876f007b721da636f87ee374_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d54fca302354cb4cf88489b5ac9135a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumDateFormatsExW
ExitProcess
GetConsoleCursorInfo
HeapFree
OpenFile
RequestDeviceWakeup
ResetEvent
WriteFileGather

advapi32

ControlService
CryptDeriveKey
CryptEnumProviderTypesA
CryptSignHashA
GetUserNameA
GetUserNameW
OpenProcessToken
RegConnectRegistryA
RegDeleteValueA
RevertToSelf

user32

CreateIconFromResourceEx
CreatePopupMenu
ExcludeUpdateRgn
GetClassLongA
GetWindowTextA
IntersectRect
RealGetWindowClass
ValidateRgn

shell32

DllInstall
DoEnvironmentSubstA
DragQueryFileAorW
ExtractIconEx
ExtractIconResInfoW
RealShellExecuteExA
RealShellExecuteExW
SHGetFileInfoA
SHInvokePrinterCommandA
SheGetPathOffsetW
SheShortenPathW
ShellAboutW
ShellExecuteExW

gdi32

CopyEnhMetaFileW
EnumFontFamiliesA
GetArcDirection
GetBitmapBits
GetDIBits
GetDeviceGammaRamp
GetEnhMetaFileDescriptionW
GetTextExtentPointA
RestoreDC
SetBoundsRect

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE