a04515b73cf4485f2b5c6656f6d79e54_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a04515b73cf4485f2b5c6656f6d79e54_JaffaCakes118
Size

146KB
MD5

a04515b73cf4485f2b5c6656f6d79e54
SHA1

ffdb02480a77c7db6e81e31408a383edcb5d13ab
SHA256

26b83ec0041f17d5d6a71ef211cf47f64966a7ed9a1528b706dcdf5f1a01c12c
SHA512

0737f2381694eb1a774a1667ccf2a04473810bfe6b967d81bf0e16a7891e9ecde2614783a2457e78a1f808209f469550496739cd6f97f0fb464cfd4cd2fb709c
SSDEEP

3072:B9MHtJf9iqlj7wL0zgrqQldEhh5RWWgFysKIn+N1QeRF9+Ws1o:3MHtTiUj8L00d+h5MBysKI+N1Qed+WsW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a04515b73cf4485f2b5c6656f6d79e54_JaffaCakes118

Files

a04515b73cf4485f2b5c6656f6d79e54_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a676aa394d9e0054d27af7f346c7729

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CloseCluster

shlwapi

PathAddBackslashW

kernel32

TerminateProcess
GetVersionExA
GetStartupInfoA
SetLastError
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetLastError
Sleep
GetTickCount
lstrlenA
SetFilePointer
GetCurrentProcessId
SizeofResource
MultiByteToWideChar
LocalAlloc
InterlockedCompareExchange
EnumResourceNamesW
GetModuleHandleA
CreateProcessA
FindResourceExA
ExitProcess
LockResource
LeaveCriticalSection
QueryPerformanceCounter
lstrlenW
GetCurrentThreadId
lstrcmpiA
FindResourceA
GetEnvironmentVariableA
InterlockedExchange
GetModuleFileNameA
GetSystemTimeAsFileTime
LoadResource
GetCurrentProcess

user32

LoadImageA
UnregisterClassA
CharNextA
LoadIconA
GetSystemMetrics
LoadStringW
MessageBoxW
DestroyWindow
CharNextW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ