06df07e249c38a308d34d5556dae1032_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06df07e249c38a308d34d5556dae1032_JaffaCakes118
Size

289KB
MD5

06df07e249c38a308d34d5556dae1032
SHA1

da3d94e046c36d653f28851bb395f491a97b0d07
SHA256

9c5c046b65e2bc3e808f146f520da7e70cde53cb7027e287280ace96ef612280
SHA512

70333719fe9b9e785252ea75bb9a208a0d54dc55d85f541e6c09a7e78af567e6cf3afb8ec87ef2dc213da24e89d4930c1bb48d8419d05abfd0cb8f42a74530ca
SSDEEP

6144:1aiD+7TQV43AsGukTcHi0YwoJivhqcwh/S3mb4N12JQsf2asvU:1aiDIQ43clTcz5vhqh/sJN12J12asvU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06df07e249c38a308d34d5556dae1032_JaffaCakes118

Files

06df07e249c38a308d34d5556dae1032_JaffaCakes118
.exe windows:1 windows x86 arch:x86

25efa0b331253ece50b675cdda9cd38c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

MoveToEx

kernel32

CloseHandle
CreateFileA
ExitProcess
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetVersionExA
GlobalAlloc
GlobalFree
GlobalReAlloc
LoadLibraryA
MultiByteToWideChar
ReadFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile
VirtualAlloc
RtlMoveMemory

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
DialogBoxIndirectParamA
DispatchMessageA
GetMessageA
TranslateMessage
DialogBoxParamA
GetWindow

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ