fa6ed616c43b1d81193b9cb0af5d96b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa6ed616c43b1d81193b9cb0af5d96b9_JaffaCakes118
Size

41KB
MD5

fa6ed616c43b1d81193b9cb0af5d96b9
SHA1

a7158ca2560a1af95bef0f94ac63149c4171d5ff
SHA256

7c00717d96825db050a6f01067a8b89ac6e2f47a0e0738aa8c69e9a349b6a63c
SHA512

97152a77efdee3b3097ff75288cc3b8fbb5e8112fa873ab621940c78f43d6cd5200c5222dd09f27194b1eda54f250829c4d442d56a829b141e34672fd6b32061
SSDEEP

768:lvIiQq3bSqgryqzpy5NNY2GMensjeuQODF2vF3+9i3fr9zPjGjh7X4+wU:lvz9bSPryqyNNlesjPQWF2vF3+9i3fr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa6ed616c43b1d81193b9cb0af5d96b9_JaffaCakes118

Files

fa6ed616c43b1d81193b9cb0af5d96b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0ee1926e5728f71b6786bc6d7692aba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceTypesA
ExitProcess
FillConsoleOutputCharacterA
GetDriveTypeA
GetProcessAffinityMask
GetProfileStringA
GetVolumeInformationW
PulseEvent
RequestDeviceWakeup
lstrlenA

advapi32

AccessCheckAndAuditAlarmW
ChangeServiceConfigA
CopySid
CryptHashData
CryptSetKeyParam
DeregisterEventSource
GetMultipleTrusteeW
GetSecurityInfoExA
RegEnumKeyExW
RegEnumValueW
RegQueryValueA
RegisterServiceCtrlHandlerW
SetSecurityInfoExA

user32

EnumChildWindows
FreeDDElParam
IsDlgButtonChecked
SendMessageTimeoutW
SetShellWindow
SetWindowsHookA
SystemParametersInfoW

shell32

Control_FillCache_RunDLL
DllCanUnloadNow
DllGetVersion
ExtractIconExA
ExtractIconResInfoA
FreeIconList
RealShellExecuteW
SHGetDesktopFolder
SHGetPathFromIDListW
SheChangeDirExW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE