da99c781883c10160f7a28cb1fedfb52_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da99c781883c10160f7a28cb1fedfb52_JaffaCakes118
Size

65KB
MD5

da99c781883c10160f7a28cb1fedfb52
SHA1

95ddddaa51f68555f5ff23f9488402907542b110
SHA256

9cfca5e60f88688bb6da634cabc0c90814ba54080f5b8425d335372072a19829
SHA512

d6031b3e4c01ae0bf5e2dff71552ed02add0b7ebd04ba8a3cdf13dd96adfeb8bff89d93d6003f20f51d500f2c33d77a63954f9163a83b87f694ce679315c3bd5
SSDEEP

1536:sdz48+aCZiA6uIKovXiS/6XimLECGkhzUldDq8X:sdz1+O2E/4ymg3ke7X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da99c781883c10160f7a28cb1fedfb52_JaffaCakes118

Files

da99c781883c10160f7a28cb1fedfb52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

059ee352a66f7a384f298a21f0bcc66b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetOEMCP
VirtualAllocEx
LoadLibraryA
Sleep
ExitThread
ExitProcess

user32

EnableWindow
EnableScrollBar
EnableMenuItem

shell32

Shell_NotifyIconW
SHGetDiskFreeSpaceA
SHFileOperationA
SHGetFolderPathA
Shell_NotifyIconA

Exports

Exports

_XJGOp1X@24
eneQE8UX3X
_mVO8W3UY
_m6bAw@16
_uFZFlPwWichWYL@8
_2SY71YPoyCY5@20
AKu1NBW33E
R6yHjTWTU0fPz3

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/0/DIALOG/TEXTFILEDLG
.rsrc/0/MANIFEST/1
.xml
.rsrc/0/RCDATA/DVCLAL
.rsrc/0/STRING/4094
.rsrc/0/STRING/4095
.rsrc/1033/BITMAP/BBABORT.bmp
.rsrc/1033/version.txt
.text