6653a3bdf4023a8919fe6067a347914b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6653a3bdf4023a8919fe6067a347914b_JaffaCakes118
Size

134KB
MD5

6653a3bdf4023a8919fe6067a347914b
SHA1

8d1acebcd2ba34ff54a19bdf8f87f02e5e592589
SHA256

78b3fa6eaddf0738024c4c88bbf1cb5ee8007ea8c3397f2f1022515149260445
SHA512

fcee5f521b6b124a99f62435f987ffc9f5d2db74a6877c5103dca77bf66c7df9b94329a82166130193d9c3360ffa45cca38d5f7a5ef46972cf07d4ba40a238e7
SSDEEP

3072:hDWsE/CJvk4qlf8DRKpgCeYQ08NfH7GhxB2YDwQ/kzM7yed:pWR6W4qaDmg/f2Sapy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6653a3bdf4023a8919fe6067a347914b_JaffaCakes118

Files

6653a3bdf4023a8919fe6067a347914b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2befa54d6892c5c7194d7def350b78b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathW
GlobalLock
GlobalReAlloc
IsDebuggerPresent
LoadLibraryA
LoadLibraryExW
VirtualAlloc
VirtualFree

user32

DestroyMenu
GetDC
InvalidateRect
IsIconic
RegisterClassA
ShowWindow

gdi32

CreateDIBitmap
DeleteEnhMetaFile
Escape
GetDCOrgEx
GetDIBits
GetEnhMetaFileHeader
GetStockObject
PatBlt
RectVisible
SelectPalette
SetWindowOrgEx

shell32

CommandLineToArgvW
DragFinish
DragQueryFileA
ExtractAssociatedIconW
SHBrowseForFolder
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfo
ShellExecuteEx
ShellExecuteExA
ShellExecuteW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ