fa4aebadf5de81c96700f6dfd10414b6_JaffaCakes118 | Triage

Sharing

General

Target

fa4aebadf5de81c96700f6dfd10414b6_JaffaCakes118
Size

256KB
MD5

fa4aebadf5de81c96700f6dfd10414b6
SHA1

5d8a0927c64d84d915a69724548b0f597b7222dc
SHA256

4b6cc0240285aa6434defea9c850df03862c554c976c7853ff1c99f72f5c109d
SHA512

a8697cce432369dfe626f62b5f6c1c2c3bb381654e407d0b2595418ab5160435c2fafaa779519c68c6d42b6ac61242a17e4223349e8238ae8304f996509c65ab
SSDEEP

6144:lpuVDprJQgz/hhMd2rgQ2yFYbFplzce6IT:lpu/FQgz5CJpflzXT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa4aebadf5de81c96700f6dfd10414b6_JaffaCakes118

Files

fa4aebadf5de81c96700f6dfd10414b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a892c55258c0f08e02a239e59d81422

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
ExitProcess
FormatMessageA
LoadLibraryA
VirtualAllocEx
GetLastError
FindResourceA
FreeLibrary

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyExA
GetLengthSid

user32

GetClassInfoA
GetCapture
FillRect
FindWindowA
GetCursor
GetActiveWindow
GetMenu

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHFileOperationA

Exports

Exports

nglw7@4
_8dNgweXYjNEI
_Yx4Q6Goq@16

Sections

CODE
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hidata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ