748a61f0931963d68e52059f96ae8e1b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

748a61f0931963d68e52059f96ae8e1b_JaffaCakes118
Size

77KB
MD5

748a61f0931963d68e52059f96ae8e1b
SHA1

35c2b763848582f993c7a9817fd283c7337b1fb2
SHA256

77c03e8adc1929b0869395d21c9ce0f1881fa7d0d09f7c298e1d9a77bbccd9bc
SHA512

b3364e793ce924c7eecc7778354ed913a8c657c4921e85658be0b5494408cd87335605f68f7ae33eb7c80ff0e6c752ef4710166544d23f0e9297e729bb40e9d6
SSDEEP

768:pwm1zalrutJGuXK/6P25d3cwnLWx0IbWohmiaD7C8/N6jleD2u0GOOrEissSjhf5:pd5K+JGuucVjbPUX7CK2O8GOgEissi5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
748a61f0931963d68e52059f96ae8e1b_JaffaCakes118

Files

748a61f0931963d68e52059f96ae8e1b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d0f868703992b2eb0c06a6d8bee61d7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
LoadLibraryA
SetFileAttributesW
VirtualAlloc
VirtualFree

user32

CallWindowProcA
DestroyWindow
GetActiveWindow
GetCursorPos
LoadStringA
PeekMessageA
ShowWindow
TrackPopupMenu
UnregisterClassA

gdi32

CreatePenIndirect
DeleteEnhMetaFile
DeleteObject
GetEnhMetaFileHeader
GetPaletteEntries
GetTextExtentPointA
LineTo
RealizePalette
SelectObject
SetMapMode
SetWinMetaFileBits

shell32

DoEnvironmentSubstW
DragQueryFile
DragQueryFileW
SHAppBarMessage
SHBrowseForFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ