Static task
static1
Behavioral task
behavioral1
Sample
16764a7155cd98c6db2a00cfd973fd1f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
16764a7155cd98c6db2a00cfd973fd1f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
16764a7155cd98c6db2a00cfd973fd1f_JaffaCakes118
Size
76KB
MD5
16764a7155cd98c6db2a00cfd973fd1f
SHA1
41834c0beeba991fa015e0ad9d896beec89debc6
SHA256
1e539834b49cdd7447297ec94220bc07913428466c274b9336a46bdf9e55f933
SHA512
af0413942cdd2d829896e132b080707dc5ee420db3ccd1ee020f4f16423cc7d7421bbc9c28679cf4c7baeba2a055a81b77977f6233f409dc24195a0451d355a9
SSDEEP
1536:UubLreJpChxuf90nNDaMODo9IpUnm8wjBiK3xwXHsNMT:hmf0nBhODXBLhUT
Malware Config
Signatures
Unsigned PE 1 IoCs
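Checks for missing Authenticode signature. An unsigned PE is a weak indicator on its own, since many benign executables are also unsigned; weigh it together with the headers, imports and section layout listed below.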
resource 16764a7155cd98c6db2a00cfd973fd1f_JaffaCakes118
Files
16764a7155cd98c6db2a00cfd973fd1f_JaffaCakes118.exe windows:4 windows x86 arch:x86
e1e0d9dd804e986ddf752aeb478cc09d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
GetModuleFileNameA
LoadLibraryA
VirtualAlloc
lstrcatA
lstrcpynA
DuplicateHandle
lstrcpyA
FreeConsole
GetModuleHandleA
GetACP
CloseHandle
GetLastError
SetLastError
GetCPInfo
GetBinaryTypeA
UnlockFile
ExitProcess
LockFile
CreateFileA
GetCommandLineA
OutputDebugStringA
user32
SetTimer
KillTimer
GetProcessWindowStation
CreateMenu
GetQueueStatus
GetParent
GetProcessDefaultLayout
MessageBoxA
gdi32
DeleteObject
comdlg32
ChooseFontA
ole32
CoInitialize
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 994B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ