874d02725c49ca4486b231ba66b77fa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

874d02725c49ca4486b231ba66b77fa9_JaffaCakes118
Size

134KB
MD5

874d02725c49ca4486b231ba66b77fa9
SHA1

24873cf492bf631095202b4e4a2db77ed3664da1
SHA256

cc32e0d838a838e05000b6a02d8dcba7ad754aafcd66ae16faf902fad378def2
SHA512

4cfb6e3d21d333578eb98609c14e02dbc407b243e9f777aead1dd7bf394da6850dcf338814ef96a0b270b972f512f1b534b67c73522ffbc0189d13825f5c43c4
SSDEEP

3072:3VQFTuetzRhuJJhQYX74quKKuaFbsjECz:3Q6Oz7uJJhQ6C2jD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
874d02725c49ca4486b231ba66b77fa9_JaffaCakes118

Files

874d02725c49ca4486b231ba66b77fa9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7c37746f9d4ac08431cf5719dfd39e33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
DuplicateHandle
ExitProcess
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
HeapReAlloc
IsDebuggerPresent
LoadLibraryA
LoadLibraryExA
ReleaseMutex
ResumeThread
VirtualAlloc
VirtualFree

user32

BeginPaint
DestroyMenu
DestroyWindow
DrawTextA
GetParent
GetSystemMetrics
MapWindowPoints
ShowWindow

gdi32

BitBlt
CreateSolidBrush
GetClipBox
GetDIBColorTable
MoveToEx
SelectObject
SetBrushOrgEx

shell32

ExtractIconExA
SHBrowseForFolderA
SHChangeNotify
SHGetDiskFreeSpaceExW
SHGetFileInfoW
ShellExecuteA

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ