02797780bd0687a37667ee92ae278520_JaffaCakes118 | Triage

Sharing

General

Target

02797780bd0687a37667ee92ae278520_JaffaCakes118
Size

461KB
MD5

02797780bd0687a37667ee92ae278520
SHA1

2a9d7e128e6b6cf544706a99f661494822782935
SHA256

e5b6b6cd0394b1a375e54d07a1ed5946ebcf5535e94b5140e79a75584a35e9a2
SHA512

02d940bd0fef9d1e8b1357d4bc0c0ff639c4414df34bdaf37b7aac21fe200a1b1e6d7d480d9d58d06eb2fe3a761b0d26f75ab6e53582a3952356d7083dd4b105
SSDEEP

6144:KOY8HrTzmm28QeXWaK8mjI7683P9pBG9dSKoVZuLCCi9UBJoWTM6nptf1:9Ll283hLlzM84CCXBOWTM6p91

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02797780bd0687a37667ee92ae278520_JaffaCakes118

Files

02797780bd0687a37667ee92ae278520_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86d38cdc051f265de069ed68c27ad0d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ord2
ord5

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualProtect
Sleep

user32

SendMessageA
GetNextDlgGroupItem
DrawTextA
GetTabbedTextExtentA

gdi32

GetKerningPairsA
GetCharWidth32A
GetCharABCWidthsA
EnumFontsA
SetTextColor
AddFontResourceA

msvcrt

_exit
_XcptFilter
_cexit
_c_exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
exit

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ