Static task: static1
Behavioral task: behavioral1
  Sample: 15b04177dd6c443d13ebb539854f1d5e_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 15b04177dd6c443d13ebb539854f1d5e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: 15b04177dd6c443d13ebb539854f1d5e_JaffaCakes118
  Size: 282KB
  MD5: 15b04177dd6c443d13ebb539854f1d5e
  SHA1: c4843eea473c8ec8a56ea6f7d706e04bf2637306
  SHA256: dd9a6539e657d39b869e630c22f5563c500a268a5aafcd35187dbc20b253ac4f
  SHA512: a16053db0f3fb5832065e7f1585d0c6e384ac0aebe6428b14eb3f1161d0393761da17a3c06d7a117bc4754a36a4a0d000b2e183e130dff3c8b39138ad64c5692
  SSDEEP: 6144:t7LbwoSagKCudxFRbQ//AICkB7LRVuwZfa:t7LbwoS5Je0Cw7KwZa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15b04177dd6c443d13ebb539854f1d5e_JaffaCakes118
Files
15b04177dd6c443d13ebb539854f1d5e_JaffaCakes118.exe windows:4 windows x86 arch:x86
c4a54ef90b69ed277f7cb6105b27bf80
Headers
  File Characteristics:
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  user32: GetKeyboardLayout, GetDoubleClickTime
  shell32: SHGetSpecialFolderPathA, ShellExecuteA
  shlwapi: StrStrA, StrChrIA
  kernel32: GetModuleHandleA, lstrcatA, WriteFile, Sleep, SizeofResource, RtlZeroMemory, LockResource, LoadResource, CloseHandle, CreateFileA, ExitProcess, FindResourceA, FreeLibrary, GetCurrentDirectoryA, GetModuleFileNameA, LoadLibraryA, GetProcAddress, GetTickCount, GetVersion, lstrcpyA
  urlmon: CoInternetCompareUrl
Sections
  .text   Size: 5KB - Virtual size: 5KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 1024B - Virtual size: 880B
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 8KB - Virtual size: 7KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 267KB - Virtual size: 266KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE