Static task: static1

Behavioral task: behavioral1
Sample: ee9623dea7665e11da2696af3eddd612_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: ee9623dea7665e11da2696af3eddd612_JaffaCakes118.exe
Resource: win10v2004-20240802-en

General
Target: ee9623dea7665e11da2696af3eddd612_JaffaCakes118
Size: 453KB
MD5: ee9623dea7665e11da2696af3eddd612
SHA1: a1eba81c40bb6353ed10d7e25eca1d0e4dabc6c4
SHA256: e0db9cf9b894d53b0df1138e58dfb80398d8d9b3e384e3dedc490d23d19ebd4a
SHA512: 9703efc8a1ceb03a4a0792a6dea5c3d5da0404a17a8c8f83f98f0ac73d4f11d7c4ec367d2b3528543314fa82124efa244bbec90af15e789ef61148c48d9d697c
SSDEEP: 12288:4APHVWZD16FRKKMhMqoHs+AQIr9fEIW60yHA:N/VWZDMb8oHs+AhrZu6FHA

Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ee9623dea7665e11da2696af3eddd612_JaffaCakes118
Files
ee9623dea7665e11da2696af3eddd612_JaffaCakes118.exe windows:5 windows x86 arch:x86
39cd4956c56495724be1ea6b5220e5c8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
    CryptReleaseContext
kernel32
    GetCommandLineA
shlwapi
    PathCombineW
    PathFindFileNameW
    PathMatchSpecW
    PathRemoveFileSpecW
    StrCmpNIA
    StrCmpNIW
    wnsprintfW
    wvnsprintfA
user32
    FindWindowExA
    GetCursorPos
    GetDlgItem
    GetIconInfo
    GetWindowThreadProcessId
    LoadCursorA
    MsgWaitForMultipleObjects
    PeekMessageA
    SendMessageA
    SetProcessWindowStation
    SetThreadDesktop
Sections
.vshkp (Size: 42KB, Virtual size: 61KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.mvijoz (Size: 2KB, Virtual size: 5KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.vad (Size: 6KB, Virtual size: 80KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.rsrc (Size: 1024B, Virtual size: 4KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ