73451e1163f93f4306818cb218c48c48_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73451e1163f93f4306818cb218c48c48_JaffaCakes118
Size

296KB
MD5

73451e1163f93f4306818cb218c48c48
SHA1

b2c308673d9da4aab6925e66a02792e23e7cd347
SHA256

37e50613cc8e560418c36006623f43a460430e09c5b87f62a2c1d0cdd9ed955b
SHA512

f234a98cd8a2dc7d97c1661a6c390623adccc28fe3865bdc1663d50d44b41c86abd5077568daf13da2907b602734e4e9d3afa4d8d28825fe905927adb7566d71
SSDEEP

6144:DX05S1UgWGhXFXP4WmvRiypJrEtE4+9YQhy1Fk6Kc:DX06Ua/43Rn/Etn+S77k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73451e1163f93f4306818cb218c48c48_JaffaCakes118

Files

73451e1163f93f4306818cb218c48c48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5a7ea3aa5f99a7abf82a89a04a567cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
FreeLibrary
CreateFileA
GetTempFileNameA
GetTempPathA
CloseHandle
LoadLibraryA
GetTickCount
LoadResource
GetProcAddress
LockResource
WinExec
GetModuleHandleA
SizeofResource
LoadLibraryExW
SearchPathA
GetShortPathNameA
GetModuleFileNameA
ExitProcess
MoveFileExW
GetCommandLineW
WriteFile
FindResourceA
VirtualAlloc

user32

UpdateWindow
SetTimer
MoveWindow
GetWindowRect
GetDesktopWindow
EndDialog
DialogBoxParamA
ShowWindow
CreateWindowExA
SetDlgItemTextA

advapi32

RegSetValueExW
RegCreateKeyExW

shell32

SHGetFolderPathA
CommandLineToArgvW

Sections

.text
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ