0edaf564f1ae65bd97860d2532a484a9_JaffaCakes118 | Triage

Sharing

General

Target

0edaf564f1ae65bd97860d2532a484a9_JaffaCakes118
Size

162KB
MD5

0edaf564f1ae65bd97860d2532a484a9
SHA1

506abede9f6f0fc8bba2733406a8b0466a4a2780
SHA256

e67708a69e1e97d1490d7711980490896ec123a3558d13ff55ee08f9c3f00b5b
SHA512

3e42251ed3b871b3285599a93bc9c012fa64036ecffad88c7f5677347c48e54eb471ef01fb76747d7c90580ce9dc09df1d7756c65db9ce8d1124b6a5c2bef8b6
SSDEEP

3072:+AYUcovSl8ZTqRcn88C97Br3tU2zKntAf3Qumo2IDCx6ShEblVGSH:22vm8gRH8ixKtOmopehEGSH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0edaf564f1ae65bd97860d2532a484a9_JaffaCakes118

Files

0edaf564f1ae65bd97860d2532a484a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45dbd52022621a3f2104ed98326cdbe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

LresultFromObject

kernel32

PrivMoveFileIdentityW
MoveFileW
lstrcpynW
UnmapViewOfFile
AddAtomW
LoadLibraryExW
GetStdHandle
WriteFile
GetProcessId
WaitForSingleObject
MapViewOfFile
LoadLibraryW
DeleteAtom
GetUserDefaultUILanguage
CloseHandle
DuplicateHandle
CreateMutexA
OutputDebugStringW
VirtualFree
EnumResourceTypesA
SystemTimeToFileTime
OpenProcess
CreateDirectoryW
ExitProcess
GetModuleFileNameW
VirtualAlloc
CreateFileMappingA
CreateEventA
ProcessIdToSessionId
CreateFileW
GetProcAddress
GetFileAttributesW
GetSystemTime
SetEvent
LoadLibraryA
ReleaseMutex
GetFileAttributesA
FindAtomW

user32

GetWindowInfo
LoadCursorW
RegisterClassExW
GetUpdateRgn
CreateWindowExW
MessageBoxW
GetDC
EndDialog

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ