958e9e6299b9264be184b19db928dacb_JaffaCakes118 | Triage

Sharing

General

Target

958e9e6299b9264be184b19db928dacb_JaffaCakes118
Size

131KB
MD5

958e9e6299b9264be184b19db928dacb
SHA1

f505ebbecc7f2bcf1125bce94171eb5d066736d2
SHA256

c1027d370100cbdf10c6bc47470cd3c73ee041478fb0115a6a19c43643e5df63
SHA512

689626186e61728b7a894a1d05666aad16d94df847afa4882662dda70c3d525bb9d432ba99f2be9bae12f46285d4a752f3d5662581102506574fda0bdea11172
SSDEEP

3072:jmtFRwLc8DKKvhgGcAcE91faFoZ83LGVNLu1J7:jmtFeRzjDccfaSZ83ajLu3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
958e9e6299b9264be184b19db928dacb_JaffaCakes118

Files

958e9e6299b9264be184b19db928dacb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ecc353aeca014682aefda2d217b984a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDefaultLCID
GlobalHandle
HeapFree
IsDebuggerPresent
LoadLibraryA
VirtualAlloc
VirtualFree

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
FillRect
GetActiveWindow
GetWindowTextA
IsWindowVisible
PostMessageA
ScreenToClient
SystemParametersInfoA
TrackPopupMenu
TranslateMessage
wsprintfA

gdi32

CreateBitmap
CreateDIBSection
DeleteObject
ExtTextOutA
GetClipBox
GetPaletteEntries
GetStockObject
PatBlt
SetBkMode
SetBrushOrgEx
SetWindowExtEx

shell32

ExtractIconA
ExtractIconExA
SHFileOperationW
SHGetFileInfoA
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteEx
Shell_NotifyIconW

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ