3029aa2ee184fa1f3cd10f3cd6d389ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3029aa2ee184fa1f3cd10f3cd6d389ec_JaffaCakes118
Size

116KB
MD5

3029aa2ee184fa1f3cd10f3cd6d389ec
SHA1

d1210c28e8da1aea9716ac9a84a63a88c237dbdd
SHA256

a5c29869a6dd68b93e95901498572674dc19233c32f5972c8de83662e42cd5ac
SHA512

7b6370092f8f2bf28a95e220d089fcd49656ae80a7b6a9976415bcbbec7385b541c6160267556a8147316cc7469dd0630c65b2769fbc5f498475af8404c1a74c
SSDEEP

1536:lWkRU0HoPtmdFAe5ajgHLIoCy+ISzUw/PxHuDiVDXTKqgxOAh0ST:fnIFE+e5aCWhF/JOQejOAVT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3029aa2ee184fa1f3cd10f3cd6d389ec_JaffaCakes118

Files

3029aa2ee184fa1f3cd10f3cd6d389ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43bc5ebe9df55a6ca8e250e38227c90f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapValidate
VirtualAllocEx
GetSystemDirectoryA
WriteConsoleOutputCharacterW
LZClose
GetPrivateProfileSectionNamesW
ExitProcess
GetCommandLineW
PulseEvent
LZCloseFile
UnlockFile
EnumResourceTypesA
GetCurrentProcess

user32

ShowWindowAsync
CharLowerBuffW
InvalidateRgn
CharToOemBuffA
GetDesktopWindow
SetMessageQueue
CloseWindowStation
GetDCEx
LockWindowUpdate
DestroyCaret
GetWindowWord
RealGetWindowClassA

shell32

SHGetFolderLocation

Sections

.text
Size: 104KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbbs
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ