dfc7bee56cc3ffc1bd280aebd036d5be_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfc7bee56cc3ffc1bd280aebd036d5be_JaffaCakes118
Size

114KB
MD5

dfc7bee56cc3ffc1bd280aebd036d5be
SHA1

9fb36fcd2db33a1af610798583e0a94106b3ce41
SHA256

0cf949ddd5d335b3e6048a9a4ab9835e378707142defd95ccafa33747dd2c981
SHA512

6311a87526a41c6ee6bd0f0f130073095f2260617401bed720f95137723a2db1d1e46d9915ca73daa820c5c0c0848478bf41ca65d8a2201f5e8e3aecb8720007
SSDEEP

3072:Yy2GLm+4KdmUR5j8byMK76I9DWU6ZnhQDZZxMr8aOdfU:x2OLxNV7jDWU6ZKyYaOs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfc7bee56cc3ffc1bd280aebd036d5be_JaffaCakes118

Files

dfc7bee56cc3ffc1bd280aebd036d5be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1f95dc0235da0c6beef235df7c6f4fb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext

shlwapi

PathFileExistsW
PathFindFileNameW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
StrStrW
wnsprintfW

user32

CharUpperW
CloseWindowStation
FindWindowExA
GetDlgItem
GetForegroundWindow
GetIconInfo
GetWindowThreadProcessId
LoadCursorA
MsgWaitForMultipleObjects
OpenDesktopA
OpenWindowStationA
SetProcessWindowStation
SetThreadDesktop

Sections

.relez
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fgzol
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ngx
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ