77970a954e8e00bca768f6913831b915_JaffaCakes118 | Triage

Sharing

General

Target

77970a954e8e00bca768f6913831b915_JaffaCakes118
Size

164KB
MD5

77970a954e8e00bca768f6913831b915
SHA1

45ae0952d04610479762340533060f158aca0da5
SHA256

c40f2596b6424e31dbaf29e1cf3157ce819149a29b2e0cdafe6c17e7eb6c25c7
SHA512

50893270517685fa2e329b8d49e14bbeed9e33146f62e1963870e8a5000fe27db8fd4310e945be0e0f11d88ac82e29cc333ad78d1c9d1a6b95b9712b1f2a1f18
SSDEEP

3072:k240YbRv/nl8glGi6KkWUR6qev3S6q+WDtDOUeGCIrF1j6iJxb:/Y1v/nCpbWUR6qePxqh4UeGCIrbeiJx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77970a954e8e00bca768f6913831b915_JaffaCakes118

Files

77970a954e8e00bca768f6913831b915_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b34951fed7d63fb475dfbf89b2278bcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

user32

wsprintfA
MessageBoxA

kernel32

CreateToolhelp32Snapshot
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

_strupr

ws2_32

closesocket

Sections

CODE
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ