Static task: static1
Behavioral task: behavioral1
Sample: bd5147975db0fbd5b2099c160f18d7b2_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: bd5147975db0fbd5b2099c160f18d7b2_JaffaCakes118
Size: 232KB
MD5: bd5147975db0fbd5b2099c160f18d7b2
SHA1: bce659e38626efc0d2177d878f789eb14945f194
SHA256: 04a8838e9a255812f5a67c2c3106a9c3069978d88a76539c9b3e0f41ae26b65e
SHA512: f8b800e7ec5543e03aabd978c8c6901e7084fe2272045ef5a475022481702285870890a778c4af673f457d49ece75145ed5148a0ec7a9678a1c555a36e94888f
SSDEEP: 3072:Mz5NeP8DP7H2hFNomm8M0H28Go7+tqa0ou8CXZddGbM7eggc4BrkPvTcV6832C5c:+eqH2h728Go7xFZGbchvQctmVJdpI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bd5147975db0fbd5b2099c160f18d7b2_JaffaCakes118
Files
bd5147975db0fbd5b2099c160f18d7b2_JaffaCakes118.exe windows:4 windows x86 arch:x86
d8c2a68e49a7e55432cf3a407778aa7f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
  GetKeyboardLayout
shell32
  StrStrA
  StrChrIA
  ShellExecuteA
  SHGetSpecialFolderPathA
kernel32
  CreateFileA
  lstrlenA
  lstrcpyA
  lstrcatA
  WriteFile
  Sleep
  SizeofResource
  RtlZeroMemory
  LockResource
  LoadResource
  GetVersion
  GetTickCount
  GetModuleHandleA
  GetCurrentDirectoryA
  CloseHandle
  CopyFileA
  ExitProcess
  FindResourceA
Sections
.text Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 676B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 222KB - Virtual size: 222KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE