aa45a8a84abcd970c75adbe8b7d7b0d6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa45a8a84abcd970c75adbe8b7d7b0d6_JaffaCakes118
Size

111KB
MD5

aa45a8a84abcd970c75adbe8b7d7b0d6
SHA1

97bc791281ce6671227aa0a3a9287263d4a9ff72
SHA256

da22e5616c9f062b891fe4b13833513a0fbea580cfbd057055669c18b7ca3a4e
SHA512

7b97bc22442c96068fb286261c6fadf147c4856f78250cc9d3bd8538c9595906a3f9ede4121d1c24277d9bd34bffc0ea4fdb675707b33720f443df0bbb968ac2
SSDEEP

3072:4ldj4DFrnMwszgzkyDaY6M0D9scaRsVywcDC6j:Mj4hrnMws0znDaY6M0DSVwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa45a8a84abcd970c75adbe8b7d7b0d6_JaffaCakes118

Files

aa45a8a84abcd970c75adbe8b7d7b0d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

674fbb4bf674c4f19ff3cc2758c3086d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextLengthA
GetMenu
WindowFromPoint
WaitMessage
IsChild
UnregisterClassA
CreatePopupMenu

shell32

SHFileOperationA

msvcrt

atol
_acmdln
memmove
rand
time
mbstowcs
calloc
wcscspn
wcschr
clock
sqrt
malloc
wcsncmp

kernel32

FreeResource
SetEndOfFile
GetACP
ReadFile
EnumCalendarInfoA
GetLocaleInfoA
VirtualAlloc
GlobalDeleteAtom
GetStringTypeW
LoadLibraryA
RaiseException
SetErrorMode
FindFirstFileA
GetVersion
ExitProcess
MulDiv
GlobalAlloc
GlobalFindAtomA
GetDateFormatA
WriteFile
FindResourceA
GetThreadLocale

Exports

Exports

d2AkK@20
_d7Dyt1bXhWGh0W@4
_ZZRggyucc@4

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ