Static task
static1
Behavioral task
behavioral1
Sample
6815b485e8891b3fdeafde026cb7888e_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target
6815b485e8891b3fdeafde026cb7888e_JaffaCakes118
Size
32KB
MD5
6815b485e8891b3fdeafde026cb7888e
SHA1
b9bc51997610abfb33cb88b4017e6347846cc696
SHA256
c9cd646cf51fc537aef8bb1c65f030af2aec8f49dcb336e62136b2d84e3a0d05
SHA512
df12ed644bec7a36dc19ae174d598604c0dc5e24fe014447a420777dc2bb52c99bf6ab05b115f71c723f82693b3ef0b8c813b4a6d1f34412c392a6fcedf225fe
SSDEEP
384:8Reic9vf7mSAyghezln7AJXB2IXPeAmfGQiCDZT6hkuQ5Uzn:Y0DmhyB7Ix2uAfLiox613T
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6815b485e8891b3fdeafde026cb7888e_JaffaCakes118
Files
6815b485e8891b3fdeafde026cb7888e_JaffaCakes118.exe windows:4 windows x86 arch:x86
ab9235f0ab9c8c18185b15ba878efdf8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapFree
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleA
GetProcessHeap
user32
DialogBoxParamA
LoadIconA
wsprintfA
MessageBoxA
EndDialog
SendMessageA
GetDlgItem
atl
ord47
ord42
shell32
ShellExecuteA
msvcrt
??2@YAPAXI@Z
??3@YAXPAX@Z
ole32
CoUninitialize
CoInitialize
oleaut32
SysAllocString
SafeArrayDestroy
VarR8FromBool
VarR8FromCy
VariantClear
SafeArrayCreate
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 870B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE