2803578d169f866c95702caa0cce5707_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2803578d169f866c95702caa0cce5707_JaffaCakes118
Size

122KB
MD5

2803578d169f866c95702caa0cce5707
SHA1

29c375456c2c548dbe5cee615741ca0e3306a020
SHA256

0e311f296ab88c970727ef64e4050c6709285f4b828a7f6ede9b1353afaae20c
SHA512

de86ea40eabaae18dada6dc8e98d5eb6271125b21e8c65a33381ffbf3ed10051bfb9c45e99046caf83781a6d6ec1294a039b03f37fd43c79d242dcd412ea32ac
SSDEEP

3072:Rpbs6tNG/TbfEalo8Rs20G1+PzELV+UQKkKDjJktNxfMN:RpbsoyTbfTo4sLPwB+UQKv2tXm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2803578d169f866c95702caa0cce5707_JaffaCakes118

Files

2803578d169f866c95702caa0cce5707_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1441c7916941d8fdfedcc31322331c76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FindResourceA
FindResourceW
GetConsoleOutputCP
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetVersionExA
IsDebuggerPresent
LoadLibraryA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree

user32

CreateWindowExA
MessageBoxA
SetFocus

gdi32

CreateDIBitmap
CreatePen
DeleteObject
GetEnhMetaFileHeader
GetStockObject
SetWinMetaFileBits

shell32

DragFinish
SHGetSpecialFolderPathA
ShellExecuteW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1001B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ