0b27ce7c26b9fdc33005cec1456746b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b27ce7c26b9fdc33005cec1456746b4_JaffaCakes118
Size

128KB
MD5

0b27ce7c26b9fdc33005cec1456746b4
SHA1

b3f8508770fcb00f1a6b3c08f5eb43742e98cdac
SHA256

e849154c8ba5b4474feeb7a5d1c4505514edb927d69506ddc01c4a3d0e3b9fd0
SHA512

51f73477be6fd50238cd87ff82e473359a7d8bc17b205609d58d6892ae399f72ebc3e285710f7a7ce447fa59f6e074da6c550e820ee762d923fd42aa472023f2
SSDEEP

3072:E6Iu7qhXbwxld3eDeNxUyrYLQywnVNhT:9lwYdYLQ1nVb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b27ce7c26b9fdc33005cec1456746b4_JaffaCakes118

Files

0b27ce7c26b9fdc33005cec1456746b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d5f18f9cebedf49236b2823e121ca2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetDesktopFolder
SHGetFileInfoA
SHFileOperationA

advapi32

RegQueryInfoKeyA

version

GetFileVersionInfoSizeA

kernel32

VirtualAlloc
ExitProcess
GetProcAddress
lstrlenW
IsBadReadPtr
GetACP
GetModuleHandleA
GetCommandLineA
LoadLibraryA
GetCommandLineW
ExitThread

comctl32

ImageList_GetBkColor
ImageList_Destroy
ImageList_Read
ImageList_Add

shlwapi

PathFileExistsA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
SHQueryInfoKeyA
SHQueryValueExA
PathGetCharTypeA
SHEnumValueA
PathIsContentTypeA

user32

CheckMenuItem
GetMenuItemInfoA
DestroyCursor
GetCursorPos
DefMDIChildProcA
FindWindowA
SetCapture
SendMessageA
CharNextW
GetKeyboardLayoutList
SetFocus
SetWindowPos
GetKeyboardState
SetClassLongA
DestroyIcon
WaitMessage
EmptyClipboard
SetTimer
DrawEdge
KillTimer
PostQuitMessage

msvcrt

exp

comdlg32

FindTextA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ