894a222bbdbb8d79b379b54a9cef9320_JaffaCakes118 | Triage

Sharing

General

Target

894a222bbdbb8d79b379b54a9cef9320_JaffaCakes118
Size

341KB
MD5

894a222bbdbb8d79b379b54a9cef9320
SHA1

e337118794b4ea0e39b82f6a8c405fd02bdbab90
SHA256

d859e78a492ab22c77dc9ebe86639d4eb0b6996d7381eade8786fc7c5137d70c
SHA512

fa097ef7362204118cf9db794d829c924434c170c9903642e2adec6a99e090e0bcdfb62fcbbc2e0ead98fd88bb9be002772a3a9ac538fc3cdfa16b691d273ec1
SSDEEP

6144:Wtl2DbPSyjYIx0EKNm8S+s2tetoiKa+bgQsWaq3r8Kevk+k72QOiJYTKQnnzLUpd:BDbKyjYuuI7+s2tGo3a+damrzVT+Tjn6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
894a222bbdbb8d79b379b54a9cef9320_JaffaCakes118

Files

894a222bbdbb8d79b379b54a9cef9320_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7cee5a65ca47cb5ee389b0cab418ed93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
SendMessageA
RegisterClassExA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetProcAddress
LoadResource
LoadLibraryA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcatA
WriteFile
SizeofResource
SetFileAttributesA
RtlMoveMemory
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GlobalFree
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
LockResource

shlwapi

PathFindFileNameA
PathFindExtensionA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE