aa54db76f0688ab103e472d1181845e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa54db76f0688ab103e472d1181845e3_JaffaCakes118
Size

131KB
MD5

aa54db76f0688ab103e472d1181845e3
SHA1

a5825e36219061998963c2ac81422e4cb59cccae
SHA256

0ecebe33fecb1e4483a2b31f894016886a27d79088d4dc5169d56ac81f001865
SHA512

28a8e7ae195da12138bf53029dcb0387add94fe3e2d4fc1b876dd592d4ba8aca761acd402f5fd546ce5b35cd7d41d636b2360631c7ef7d833705020ffca4ffb1
SSDEEP

3072:8idW3L0FL3oGqw2Ur3apAXdP3z+WEEVTvdt:NeL0J3RqwPrKpAdPzBzpv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa54db76f0688ab103e472d1181845e3_JaffaCakes118

Files

aa54db76f0688ab103e472d1181845e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f152758767ef88fd49ca40dd2a924bbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFileInfoA
DragQueryFileA
Shell_NotifyIconW
Shell_NotifyIconA
SHGetSpecialFolderLocation

kernel32

VirtualAllocEx
GetProcAddress
ExitProcess
GetCommandLineW
GetStdHandle
GetProcessHeap
LoadLibraryA

msvcrt

malloc
srand
wcschr
mbstowcs
wcstol
memmove
wcscspn

user32

wsprintfA
IsWindowEnabled
LoadIconA
GetSystemMetrics
LoadBitmapA
GetMenu
MoveWindow
GetCapture
CreateWindowExA

Exports

Exports

eK08Gp2_GvAB
_E8t5oPYKKT
_g9Xjemt1@24
_8p9odc@8
92TUMGztS@24
_cN17raASk1TF

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 818B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iidata
Size: 1024B - Virtual size: 845B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ