f5a727d923ebae7ac55828d155bddfa0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5a727d923ebae7ac55828d155bddfa0_JaffaCakes118
Size

491KB
MD5

f5a727d923ebae7ac55828d155bddfa0
SHA1

12efbdeec6a6a35ce72a87cbcb8bc5765d177cd6
SHA256

e1929b92128a5e37050ad44f13e9a97a3c75b5d2aa8bd7edc8f750929e60b640
SHA512

e80f948690ae93a9e3071a67ea279ad2760f963775e9cef740aacaecd33a53c120ebfa84545448cf27b442574cdd2e09eb5145f207a95393c268bdb9122b0102
SSDEEP

12288:8V73Y2/zvEE5nMc/+0Frg4T4oOUHPDQqgV:8V7vF/jM4TRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5a727d923ebae7ac55828d155bddfa0_JaffaCakes118

Files

f5a727d923ebae7ac55828d155bddfa0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

304378287f925e0f73cd232882cfe6e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
EndPaint
MoveWindow
GetWindowRect
BeginPaint
MessageBoxA
LoadCursorA
DispatchMessageA
TranslateMessage
GetMessageA
GetDesktopWindow
LoadAcceleratorsA
LoadStringA
DestroyWindow
wsprintfA
CreateWindowExA
LoadIconA
SendMessageA
GetKeyboardState
GetParent
LockWindowUpdate
OpenClipboard
SetDlgItemTextW
MapWindowPoints
ModifyMenuW
LoadMenuW
GetMenuItemID
DefWindowProcA
SetFocus
LoadStringW
GetCursorPos
GetMenu
RegisterClassExA
ShowCaret

kernel32

GetModuleHandleA
GetCommandLineA
HeapAlloc
GetProcessHeap
GetCommandLineW
SetLastError
GetCurrentDirectoryA
GetSystemInfo
lstrcatA
CreateFileA
ExitProcess
GetLastError
lstrcmpA
lstrlenA
MapViewOfFile
GetStartupInfoA

comctl32

InitCommonControlsEx

shell32

CommandLineToArgvW

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ