d61462321633420c0ba9dfceb78fb3d2_JaffaCakes118 | Triage

Sharing

General

Target

d61462321633420c0ba9dfceb78fb3d2_JaffaCakes118
Size

54KB
MD5

d61462321633420c0ba9dfceb78fb3d2
SHA1

4e4b59fb5d2f0ea9a165b6c7cc99e408c2cee173
SHA256

c01c24cfd930a133e3220e456597ea6afefee508355f53a92eb7c6d3a4b58f67
SHA512

8328d6eccb2c7e6268e216d8deca7e422c3bea4800e0685177f2eddeb1063bd75c146aac40e9a37d69c378276d444e872a82dbe77b85a9a1e71ab2ad4f9112cc
SSDEEP

768:XGYo1+tSJirg5KC8QR+hBTZZ2CFRl+fstWmep/ANHZDeEi1EE0c+4O:RueRN03ERKicc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61462321633420c0ba9dfceb78fb3d2_JaffaCakes118

Files

d61462321633420c0ba9dfceb78fb3d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c11c50ff151702995156974c2938ec23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\SZ007ELoader\SZ007ELoader\Release\SZ007ELoader.pdb

Imports

ntdll

strrchr
memset
memcpy

shlwapi

PathRemoveExtensionA

kernel32

ExitProcess
LoadResource
FindResourceExA
GlobalAlloc
SizeofResource
GlobalFree
LockResource
GetThreadContext
SetThreadContext
GetCommandLineA
CreateProcessA
TerminateProcess
GetStartupInfoA
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
GetCurrentDirectoryA
CloseHandle
WriteProcessMemory
ResumeThread
CreateFileA
DeleteFileA
FreeLibrary
UpdateResourceA
EnumResourceTypesA
EnumResourceLanguagesA
ReadFile
lstrcatA
CopyFileA
BeginUpdateResourceA
GetModuleFileNameA
EnumResourceNamesA
EndUpdateResourceA
GetFileSize

user32

DialogBoxParamA
wvsprintfA
IsDlgButtonChecked
MessageBoxA
EndDialog
GetDlgItem
SendMessageA
CheckDlgButton

comdlg32

GetOpenFileNameA
GetSaveFileNameA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 432B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ