87e58c1a0be38d6c4787d73bc3a3c835_JaffaCakes118 | Triage

Sharing

General

Target

87e58c1a0be38d6c4787d73bc3a3c835_JaffaCakes118
Size

53KB
MD5

87e58c1a0be38d6c4787d73bc3a3c835
SHA1

2502520d4afc9b3cfa207638dfa9344a7738cdb9
SHA256

0e5c57d5c3320b72234b8bc80200bf566b1277bafc433073caa73b8212dc7538
SHA512

79b92136d036fa05a45adb5687c6b15be5e4b5c61b73b1eaa12ab29afa5728d56a53fa96e062d66904653f49c8bb828bbaf66e66a4f57b580b1bb099cda8acec
SSDEEP

768:Umrx/7AO1UTFSRM5Q/6ANtB36bw2iYLTyymErEJY+YZGPWouJK:U6A5kREQ/tJ36bw2iSjrEG+GlJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87e58c1a0be38d6c4787d73bc3a3c835_JaffaCakes118

Files

87e58c1a0be38d6c4787d73bc3a3c835_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2cde0f6b998f06e4793e52bc0cb485c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
Process32Next
lstrcmpA
CloseHandle
Process32First
CreateToolhelp32Snapshot
GlobalFree
WriteFile
lstrcatA
lstrcpyA
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
ReadFile
GetFileSize
GetProcAddress
CopyFileA
WinExec
GetPrivateProfileStringA
GetEnvironmentVariableA

user32

PostQuitMessage
DestroyWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
ShowWindow
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
FindWindowA
LoadCursorA
DefWindowProcA

shell32

ShellExecuteA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ