fdea966876bea6487a90b7437cb865b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdea966876bea6487a90b7437cb865b8_JaffaCakes118
Size

32KB
MD5

fdea966876bea6487a90b7437cb865b8
SHA1

63641cb16ffc44feaa0544d01eae58e7a6a5fe1b
SHA256

0963b67f6063d9e10b265348506d462d77634e1ba9a59cb1f497557730b0b96b
SHA512

d246675a13d99ae621c05325c2ba5144c01182ef01f201e8edebffe4b7742dcf1c34eaed0ff3445a1279b6eef4fc5fa3581edf49baefaa083b43888514f42af1
SSDEEP

384:2MktQRL968+8ArquosUA6YWb4ooCBfhwQGfV1GfsGBFYSHjw3QjlBKFCYoz73z9i:d9EXrQABnm5wQGinYS5Bf3zfd0Q9kR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdea966876bea6487a90b7437cb865b8_JaffaCakes118

Files

fdea966876bea6487a90b7437cb865b8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dd612194048bcddba3c028cc2cef91cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
StrToIntW
StrStrIW

user32

IsRectEmpty
SetMenuItemBitmaps
GetKeyboardLayoutList
CreateWindowExW
PostThreadMessageW
RegisterClassW
ShowScrollBar
CopyRect
CharLowerBuffW
DialogBoxParamW
ChildWindowFromPoint
SendDlgItemMessageA
FrameRect
DrawStateW

gdi32

ExtTextOutA
CreateDCW
CreateFontIndirectW
PolyBezier
GetTextExtentPointA
GetCurrentObject

ntdll

_wtoi

kernel32

TerminateProcess
SetCurrentDirectoryA
GetCurrentProcess
DeleteCriticalSection
SuspendThread
ReadFile
lstrcpyW
lstrcatW
_lcreat
FindResourceExA
MoveFileA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ