01c287f7f17313737a9c972d5eb04385_JaffaCakes118 | Triage

Sharing

General

Target

01c287f7f17313737a9c972d5eb04385_JaffaCakes118
Size

198KB
MD5

01c287f7f17313737a9c972d5eb04385
SHA1

906f9f97c3d0ead34b106e8907369b99dcfe3fbb
SHA256

f41a62c42633dd5642a745ff7e95ca76b0143dadf0fc36506c9c6d4c23bea576
SHA512

df69a573fc4f8b31967f36e42c07f40bd8dcf8d714f8243176a3d6e24a72642df49cca77a600ea65e33ddaabb7c4eb64b0c63a6dfb2387044801d6f283205384
SSDEEP

6144:QJ4nKYkTzIryLTbcTSjmiGCIXq/uGrDpMLeq8N:QJ4nKeITY+jmi+aWeDI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c287f7f17313737a9c972d5eb04385_JaffaCakes118

Files

01c287f7f17313737a9c972d5eb04385_JaffaCakes118
.exe windows:18962 windows x86 arch:x86

72520fe477cc06a5dcaae800017cb2fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetCommandLineW
FormatMessageW
VirtualAlloc
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleA
GetACP
VirtualFree
GetModuleHandleW
GetModuleHandleW
VirtualAlloc
lstrcmpiW
GetProcessHeap
GetProcessHeap
VirtualFree
GetLastError
GetACP
ExitProcess
lstrcmpiW

user32

DefWindowProcW
UpdateLayeredWindow
SendMessageW
GetDlgItem
SendMessageW
PostMessageW
GetWindowRect
GetDlgItem
GetDlgItem
LoadStringW
LoadIconW
CreateWindowExW

gdi32

GetObjectW
SetBkMode
CreateBitmap
GetStockObject

shell32

ShellAboutW
SHGetDesktopFolder
SHGetDesktopFolder
SHGetFileInfoW
DragFinish
ShellExecuteExW
ExtractIconW
SHGetFolderPathW

advapi32

RegEnumValueW
RegQueryValueExA
RegOpenKeyW
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
CloseServiceHandle

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ