866c0b351a706df7d86e95725a661b1a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

866c0b351a706df7d86e95725a661b1a_JaffaCakes118
Size

1.1MB
MD5

866c0b351a706df7d86e95725a661b1a
SHA1

27bec9b6449a11394757d57af9c284a397c028e4
SHA256

daee99b34e7ba03843cd27972f49e64aca59e432741136e75d6e636195bf899b
SHA512

808b513302127c6cc57fb2783ee2f9c5ec3847fa68043daa673cc87e71aa2fd8b4addcf4228d6570b1b5739b7f72ce88d4c150387ed1ad07015327a3a3f0d8ce
SSDEEP

24576:OgBhSRMizqZUnHgazeGIwOp9buMTGUfl42V1f:1BhaOd+eAKbuMTL42Vl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
866c0b351a706df7d86e95725a661b1a_JaffaCakes118

Files

866c0b351a706df7d86e95725a661b1a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb88d63d427eff8f0f769688b6f1a3ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls
ExitProcess
FindClose
FindResourceA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemDefaultLCID
IsBadWritePtr
IsDebuggerPresent
LoadLibraryA
ResumeThread
VirtualAlloc
VirtualFree

user32

DispatchMessageA
EndDialog
GetKeyState
IsWindowVisible
PostQuitMessage
RegisterClassA
SetWindowPos
wsprintfA

gdi32

CreateDIBSection
CreateHalftonePalette
DeleteEnhMetaFile
ExcludeClipRect
GetObjectA
GetTextExtentPoint32A
LineTo
MaskBlt
RestoreDC
SelectObject
SetBkMode
SetViewportExtEx

shell32

DragQueryFileA
DragQueryPoint
FindExecutableW
SHBrowseForFolderW
SHChangeNotify
SHGetDiskFreeSpaceExW
SHGetFileInfo
ShellExecuteA
ShellExecuteExW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ