714e9092fc989e88f95b3972279f8c45_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

714e9092fc989e88f95b3972279f8c45_JaffaCakes118
Size

460KB
MD5

714e9092fc989e88f95b3972279f8c45
SHA1

4d87b154829b2b94bee15f64f2e67d0951187267
SHA256

7816d5850e518a1be58bb9c26d1e22a1e0490a3de827a4cfd5ee37fad14e5ca7
SHA512

480aceb43e412b90f7afba6810fe9732cd413f162dc9f6f89e77ce9e02e2c8ee3b2b57112344a456427d5a3530b5c1454daae7dda8df53b6649fc92ac987489c
SSDEEP

12288:YOIQ9HOVsIFOwRkska3MoZICv+J4yn4dNfTvvu:YxQ9H8bvNW2y+Nrv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
714e9092fc989e88f95b3972279f8c45_JaffaCakes118

Files

714e9092fc989e88f95b3972279f8c45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ca03f403f9a82e3deaa15949d342633

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesA
lstrcmpA
CloseHandle
DeleteFileA
WriteFile
CreateFileA
lstrcpyA
SizeofResource
LockResource
LoadResource
FindResourceA
GetCurrentThreadId
RemoveDirectoryA
Sleep
GetModuleHandleA
WaitForSingleObject
CreateProcessA
GetFullPathNameA
GetCommandLineA
GetShortPathNameA
GetModuleFileNameA
lstrlenA
lstrcatA
CreateDirectoryA
SearchPathA
GetTempFileNameA
GetTempPathA
InterlockedExchange
LoadLibraryA
GetLastError
RaiseException
GetProcAddress
LocalAlloc
FreeLibrary

user32

LoadStringA
MessageBoxA
PostThreadMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
GetMessageA

lz32

LZCopy
LZClose
LZOpenFileA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ