03653a4d08064172ea6c33f054b6c8f6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03653a4d08064172ea6c33f054b6c8f6_JaffaCakes118
Size

108KB
MD5

03653a4d08064172ea6c33f054b6c8f6
SHA1

a2577b9d613af46168596f176df9ff4797a27f57
SHA256

214862016db8c5c8da3ef706224257a753aae70d587e91bf2185998662814d47
SHA512

c5b34fe2e1cfc89e57318bda5e410303416f85693d1d4477f847a396f1710ee308f12eccff90574df5476674aba51e66a985addaf019a1033aa6a2060e1bcec7
SSDEEP

1536:hXQd7K95Ns7mgO+8R1111ysnNJ4G0N4BEoQar7dLHL9ds7mzgMd1g6iw/:RQU9Q7BjEfJlQafdXwQvbiG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03653a4d08064172ea6c33f054b6c8f6_JaffaCakes118

Files

03653a4d08064172ea6c33f054b6c8f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

801b534032be8ecb55d9fd611e31d396

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetCommandLineA
CloseHandle
GetDriveTypeW
GetModuleHandleA
DeleteFileA
GetFileTime
GetStartupInfoA
Sleep
GlobalFlags
FindClose
lstrlenA
DeviceIoControl
CloseHandle
GetExitCodeProcess
WriteFile
GetTickCount
GetConsoleTitleW
GlobalSize
HeapCreate

user32

BeginPaint
IsZoomed
DrawTextW
GetWindowLongW
PeekMessageA
SetFocus
LoadImageA
DispatchMessageA
GetParent
DestroyWindow
CallWindowProcW
DispatchMessageA
FillRect

hhsetup

??0CFolder@@QAE@XZ
??0CFolder@@QAE@XZ
??0CFolder@@QAE@XZ
??0CFolder@@QAE@XZ

wininet

FtpCommandA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE