871af2bda299abb3201c43bb9dfe1c04_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

871af2bda299abb3201c43bb9dfe1c04_JaffaCakes118
Size

140KB
MD5

871af2bda299abb3201c43bb9dfe1c04
SHA1

8a62c3b75422e2ff0798f717fa404bed5deb8d39
SHA256

910253e6e338a5e39f3444fc9f2862c9722c463bf03bf7f297cfe1a336ff8eda
SHA512

36901fb6071bfce55b8b8053a2eadddc3583cb1a220548bf93922e0ffd991ce8382db50d9b714638d956ea2020e224aadb7fdc3e223933dde446550074ea3100
SSDEEP

3072:tVfE+J4+o61b6a4hLPrjI3Ki9p+oYALM+P7ae5EyMg/ckN4:tVvJ5wvPrMvYGM+zJWgN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
871af2bda299abb3201c43bb9dfe1c04_JaffaCakes118

Files

871af2bda299abb3201c43bb9dfe1c04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

351b88ce6fce1a3167c23b4a77e91683

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetBkMode
SaveDC
GetObjectA
SelectObject

kernel32

LoadResource
HeapAlloc
GetFileAttributesA
lstrcatA
GetThreadLocale
SizeofResource
LoadLibraryA
GetStdHandle
WaitForSingleObject
GetProcessHeap
IsBadReadPtr
GlobalFindAtomA
ExitProcess
lstrcmpA
MoveFileA
SetFilePointer
GetUserDefaultLCID
VirtualAlloc
GetLastError
SetErrorMode
lstrcpyA
GlobalDeleteAtom
SetLastError
GetModuleHandleA

user32

IsWindow
GetFocus
GetClassNameA
GetClassLongA
GetMenuItemCount
GetMenu
GetSysColor
IsIconic
GetClassInfoA

version

GetFileVersionInfoA
VerFindFileA

shell32

Shell_NotifyIconA
DragQueryFileA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHFileOperationA

Exports

Exports

_HZAlU8InNNpjT
ENikTmuMTY6@4
_DbOYkbg
E8ieSZV@20
_DmQABpg7tuj7mU

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ