be9a933c721a78aa8f64263b92831190_JaffaCakes118 | Triage

Sharing

General

Target

be9a933c721a78aa8f64263b92831190_JaffaCakes118
Size

524KB
MD5

be9a933c721a78aa8f64263b92831190
SHA1

e87b5c3f1073b341bf716a0bfa886d64601794c3
SHA256

c1f18fcd021690a29d0ba1d1a17f0cd085bbd9b03452d50277230de79afe503e
SHA512

45c09b711bdff1a2e404dee312359c8c0f0978c1e98b96606cacff814d4bfa36e5f6248110a6b0f35cad04b0321f6c9cb9eb889ed27a9a9693aa1adf58238475
SSDEEP

3072:dSK/q9+96x/12G3JNg+hyVXyipXUVhJWlz/kFn8zziX6KB7nvBTTR4KlvIZ+VYjq:zI+Mx/IG5NgHvfzizrvjxydYzh/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be9a933c721a78aa8f64263b92831190_JaffaCakes118

Files

be9a933c721a78aa8f64263b92831190_JaffaCakes118
.dll windows:4 windows x86 arch:x86

28a4cca47d662ac9505b0bca7e663c7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LoadLibraryA
LocalAlloc
GetThreadLocale
VirtualAllocEx
GetOEMCP
LoadResource
HeapFree
ExitProcess

version

GetFileVersionInfoSizeA
VerInstallFileA
VerFindFileA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetFolderPathA
SHFileOperationA
SHGetDiskFreeSpaceA

user32

DrawTextA
EnableWindow
EmptyClipboard
EnableScrollBar
IsCharLowerA
GetMenu
GetSysColorBrush
EnableMenuItem

Exports

Exports

e3m6reLy@8
MVhgtW3SX8sLF
_cSH2hxz0FK3I_P@16
02Rpl_nxG
_SzDXynnriKK@8
vZLEh8Vnw3CgXG
Aevpxt9@12

Sections

CODE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 817B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ