d4b760b5ce9c2b370eafc2c31406d95b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4b760b5ce9c2b370eafc2c31406d95b_JaffaCakes118
Size

141KB
MD5

d4b760b5ce9c2b370eafc2c31406d95b
SHA1

c621456b1b2bb37e57db594d249936c3c7b8992b
SHA256

e87e44dae8977d10f2ab10cc54efa2e14a37b3bb14d71324d198433116525a59
SHA512

f200f04faa13fdeed13c63bc026c378275914164c03c5f94cc96d0099cfab6716d9df4430d655391116968471560ccf6a69d6a91d1de25068dead26995859058
SSDEEP

3072:T49jxYzR9UE7mFSxVDrOh76gemeZgf1B3cM5yoWPEmsBPf:UNYLmFSxVG76gTnRczoJn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4b760b5ce9c2b370eafc2c31406d95b_JaffaCakes118

Files

d4b760b5ce9c2b370eafc2c31406d95b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e7cdefc13c3e6bed729ee7639bc1675b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GetCurrentThreadId
GetModuleHandleA
DeleteAtom
HeapCreate
lstrlenW
ReleaseMutex
CreateMutexA
CreateFileA
GetPriorityClass
SetLastError
GetStdHandle
LoadLibraryExW
TlsGetValue
GlobalFree
CloseHandle
FindResourceA
SetEnvironmentVariableA
GetExitCodeProcess
GlobalUnlock

user32

DrawEdge
GetDlgItem
GetDC
CheckRadioButton
IsWindow
FillRect
CreateMenu
CreateWindowExA
DrawMenuBar
DispatchMessageA
GetIconInfo
SetFocus
CallWindowProcA

ntshrui

IsPathSharedA
GetLocalPathFromNetResourceA
GetNetResourceFromLocalPathA
IsPathSharedW
SetFolderPermissionsForSharing

msasn1

ASN1BERDecEoid

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wvpfsin
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE