c893244898c35e09d19aef1e21087f74_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c893244898c35e09d19aef1e21087f74_JaffaCakes118
Size

7.4MB
MD5

c893244898c35e09d19aef1e21087f74
SHA1

bb79a113fc742cc6147cb6bd6051fec11e212c28
SHA256

a1c7ef12464cbef554c1a86b0d00ef1de7aa3645192b38714c0d7576d76ca315
SHA512

3e64502651f59d74e0ce7d83cf20135909831dc2267aac4466d69df047f1865bbb41b9e07b7660c97fd0df3ce39183c7ea1fefee7c1066ac2df501850f9f5b5a
SSDEEP

98304:GXMRv7ofq1G+v1kf+yuWbrJJja1MX9LrnQANavzvWiP0JFPa/qH7YcScGl8RVW5C:ynq1Xv1kfMcrJJOI92vzb8jHsZl7kiS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c893244898c35e09d19aef1e21087f74_JaffaCakes118

Files

c893244898c35e09d19aef1e21087f74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a430911443e47e002c5f58baa4f9fb8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam

kernel32

GetProcessHeap
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

OpenClipboard
MessageBoxA

gdi32

DeleteDC

shell32

SHBrowseForFolderA

shlwapi

PathFileExistsA

comdlg32

GetOpenFileNameA

imagehlp

MakeSureDirectoryPathExists

imm32

ImmGetIMEFileNameA

ntdll

ZwSetInformationThread

msvcrt

_ftol

ole32

CoUninitialize

oleaut32

SafeArrayUnaccessData

Sections

oO��
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oO��
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oO��
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ