16c885e8fe90e58fd635ac6c93ffb0ef_JaffaCakes118 | Triage

Sharing

General

Target

16c885e8fe90e58fd635ac6c93ffb0ef_JaffaCakes118
Size

165KB
MD5

16c885e8fe90e58fd635ac6c93ffb0ef
SHA1

0fcd451731aebe5122d0c568ba42b86cc10fb4c6
SHA256

b98e886885d4f2722531f51ff613d43b835a7b2a30ce03c3e94207dd20494390
SHA512

f9f7da63a4457a40d13ab5537823d493298a95c3feb2819015329aaae130acfcd7585ac66ad2234424b4940eb58a5ce07cff6daad74169f77203029a3cbcb668
SSDEEP

3072:3F/sioqVfIzPCf0J0SQkblBvBMG7Iua6qWSEsF+ljL4muQ4xC2gd+:3xsuficjervT7IuyWb4+WFv4+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c885e8fe90e58fd635ac6c93ffb0ef_JaffaCakes118

Files

16c885e8fe90e58fd635ac6c93ffb0ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d89517640136f5186c7395aa6f7f87d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetWindowInfo
GetDC
GetAncestor
CreateWindowExW
MessageBoxW
LoadCursorW
RegisterClassExW
EndDialog

kernel32

lstrcpynW
TlsAlloc
CheckRemoteDebuggerPresent
TlsGetValue
EnumResourceTypesW
InitializeCriticalSection
TlsFree
TlsSetValue
GetStartupInfoA
GetFileType

winspool.drv

DocumentPropertiesW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ