ab56ad059f91d311ec985f263bf4e123_JaffaCakes118 | Triage

Sharing

General

Target

ab56ad059f91d311ec985f263bf4e123_JaffaCakes118
Size

133KB
MD5

ab56ad059f91d311ec985f263bf4e123
SHA1

04c890d37c5d2fc5a56f8c63e6d167e4ed7cf591
SHA256

d1e298d5edf59eff6c8d5e3620c7475d99241bc34a9e6ff1282b40b454a5b2af
SHA512

3c7ab7428f24151925136b1f764a4cd473718e67eb450d589aa8f0e28e41de16f4d998da8aedb3d01b53eb5755faea4b73f799a8715801ceb5d0dc7f4ee905bf
SSDEEP

1536:KK3n69iZBnCI836fivSy3oRVxgRNQyyw3/hru/lS4ij5ZBfJm8w1Bd5L8Yna/khI:53sWC8Goy3mlS4qfJm8gd5hoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab56ad059f91d311ec985f263bf4e123_JaffaCakes118

Files

ab56ad059f91d311ec985f263bf4e123_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3e691699bad75816d5a23c51159f621

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
DisableThreadLibraryCalls
ExitProcess
FormatMessageA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
HeapAlloc
IsDebuggerPresent
LoadLibraryA
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree

user32

ClientToScreen
CreateWindowExA
DestroyMenu
GetCursorPos
IsIconic
PostQuitMessage
PtInRect
SendMessageA

gdi32

CreatePenIndirect
GetWindowOrgEx
IntersectClipRect
PatBlt
SetWindowOrgEx
StretchBlt

shell32

DragFinish
ExtractIconExA
FindExecutableW
SHAddToRecentDocs
SHCreateDirectoryExA
SHCreateDirectoryExW
SHGetFolderLocation

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ