dd5caaf5c9876854a419330509d96497_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd5caaf5c9876854a419330509d96497_JaffaCakes118
Size

50KB
MD5

dd5caaf5c9876854a419330509d96497
SHA1

9fd8ae924ae082edb1faa8cf3d481e601cc8ec96
SHA256

0452e61207e9ac9dbad3bf5449c3400ab61018fafcd0f271b02a5b7381ef3a32
SHA512

d552bb5c1ce89c3a87303b16442d492c4c869ec5b9cb9738bed742efacafe48d930c2cc33941fab707821b4a91e2409c97e0aac3a08e84b94a31bdc102371b2a
SSDEEP

768:cq7/FF+8IJwOBDw0v+Vk8CDyv376t6E4Lfk9lBCiiMpp7HwK7GmHVjj+x:r/a8I1Dw4SBjmt6RAVppsKqm1a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd5caaf5c9876854a419330509d96497_JaffaCakes118

Files

dd5caaf5c9876854a419330509d96497_JaffaCakes118
.exe windows:4 windows x86 arch:x86

90a507bc805c3a28ffd5df7e02b9262e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileA

kernel32

Sleep
SetCurrentDirectoryA
CreateDirectoryA
lstrcpyA
ExitProcess
GetModuleHandleA
GetCommandLineA
FreeResource
CloseHandle
WriteFile
LockResource
CreateFileA
SizeofResource
LoadResource
FindResourceA
DeleteFileA
RemoveDirectoryA
GetTickCount
lstrlenA
lstrcatA
GetExitCodeProcess
WaitForSingleObject
SetFilePointer
ReadFile
GlobalFree
GlobalAlloc
GetLocaleInfoA
GetSystemDefaultLCID
GetVolumeInformationA
GetWindowsDirectoryA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
CreateProcessA

user32

wsprintfA
CharUpperA

advapi32

RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ