Static task: static1
Behavioral task: behavioral1
Sample: f643ed2eef03461059a15a581a45352d_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: f643ed2eef03461059a15a581a45352d_JaffaCakes118
Size: 8.6MB
MD5: f643ed2eef03461059a15a581a45352d
SHA1: ce8423ee365280205e0178cdd67d11247fd13758
SHA256: 195d9c16ccfa6cb1f149091fa4ca954a06d18912d015d7482a69e0b7518749d3
SHA512: 2904cf02d1f52d070708809aed1a390bcd4b9ce7ed299b0f40955447b3c181f7f83d6852339cd8a56d5e2a800bc72691901424ea5315910ef4cd5bef459cfd47
SSDEEP: 98304:pSzmOYaTNhYikKJqduF1zllRT7RD0HutITTpKU:gzlfllRT76R
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f643ed2eef03461059a15a581a45352d_JaffaCakes118
Files
f643ed2eef03461059a15a581a45352d_JaffaCakes118.exe windows:4 windows x86 arch:x86
ab7a86cd1dab873f80276a2b3701dafb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetKeyboardLayout
shell32
SHGetSpecialFolderPathA
ShellExecuteA
shlwapi
StrStrA
StrChrIA
kernel32
GetCurrentDirectoryA
lstrcatA
WriteFile
Sleep
SizeofResource
RtlZeroMemory
LockResource
LoadResource
CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindResourceA
GetVersion
GetModuleHandleA
GetTickCount
lstrcpyA
urlmon
CoInternetCompareUrl
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.6MB - Virtual size: 8.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE