09df2628975ca774540efebc796d3880_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09df2628975ca774540efebc796d3880_JaffaCakes118
Size

148KB
MD5

09df2628975ca774540efebc796d3880
SHA1

b758db5d594544e3d09faa146d1d4396c72e1046
SHA256

1d86a63394f0ae3966492c1857103b362e849d5d62931ee122b3ab8bf30a79fb
SHA512

d38966bbd1b67f03698ebf879be1ae7c7b752fd221d50c64093c638e7a7e016fda073e5ff3e0b3976f5ae6f0a186c4e6cf9dc9875a9cd81d43d6b9fdd99d0178
SSDEEP

3072:jR4VPnzEo4yXkcV0cMkTUQeljJatTu9AikZ6J:V4aoRFMDaZuWpZ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09df2628975ca774540efebc796d3880_JaffaCakes118

Files

09df2628975ca774540efebc796d3880_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4af7b28c9773b8a22744e6cedf21731a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA
SHGetFolderPathA
SHFileOperationA

kernel32

IsBadReadPtr
lstrlenA
LoadLibraryA
ExitThread
ExitProcess
GetCommandLineW
GetLastError
GetModuleHandleA
GetVersionExA
GetModuleHandleW
GetProcAddress
VirtualAlloc
lstrlenW
LoadLibraryExA

user32

CharLowerBuffA
CharToOemA
CallWindowProcA
CallNextHookEx
CharNextW
CharNextA
AdjustWindowRectEx
CharLowerA
BeginPaint
CharUpperBuffA

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 477B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 970B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ