fee9c59d060e2acb4cf302ce5a6111c5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fee9c59d060e2acb4cf302ce5a6111c5_JaffaCakes118
Size

128KB
MD5

fee9c59d060e2acb4cf302ce5a6111c5
SHA1

f1f9a27e458749e45a2803e6dd2cb7ad2824be67
SHA256

1f704e5e11965a3f7cb07fd1dd498e260a145415defd4b4303d895c68a50e561
SHA512

200dad538165147c1d4401a94cd3d20678e2353c14c1b8b1fb8fe4bb3eef2f6c17818b3e66c959797921b8acd004296aabe780fe937d93d9fce616f99ed709c0
SSDEEP

3072:E6Iu7qhXbwxBd3eDeNxUyrYLQywnVNhT:9lMYdYLQ1nVb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fee9c59d060e2acb4cf302ce5a6111c5_JaffaCakes118

Files

fee9c59d060e2acb4cf302ce5a6111c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d5f18f9cebedf49236b2823e121ca2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetDesktopFolder
SHGetFileInfoA
SHFileOperationA

advapi32

RegQueryInfoKeyA

version

GetFileVersionInfoSizeA

kernel32

VirtualAlloc
ExitProcess
GetProcAddress
lstrlenW
IsBadReadPtr
GetACP
GetModuleHandleA
GetCommandLineA
LoadLibraryA
GetCommandLineW
ExitThread

comctl32

ImageList_GetBkColor
ImageList_Destroy
ImageList_Read
ImageList_Add

shlwapi

PathFileExistsA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
SHQueryInfoKeyA
SHQueryValueExA
PathGetCharTypeA
SHEnumValueA
PathIsContentTypeA

user32

CheckMenuItem
GetMenuItemInfoA
DestroyCursor
GetCursorPos
DefMDIChildProcA
FindWindowA
SetCapture
SendMessageA
CharNextW
GetKeyboardLayoutList
SetFocus
SetWindowPos
GetKeyboardState
SetClassLongA
DestroyIcon
WaitMessage
EmptyClipboard
SetTimer
DrawEdge
KillTimer
PostQuitMessage

msvcrt

exp

comdlg32

FindTextA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ