381e353f1fa3e21dd0dded7347555a46_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

381e353f1fa3e21dd0dded7347555a46_JaffaCakes118
Size

446KB
MD5

381e353f1fa3e21dd0dded7347555a46
SHA1

bec1ef03e00d9afc84f3609cebfaabadc4c81724
SHA256

02c263726653a90f02702d675848bdb966c1e8401cc6b93c7d3f4e9629e075c3
SHA512

c1d1c7154a48bf2564af1e2db87fe982be4eb19ba6af145756954544016a10fa2bb2171c004851194275c18883e9230fa649ef09a415a8aa38b754fa4f43af51
SSDEEP

6144:Hl9aFfj3EPwkDEwHl1o1s5jmbz989YVbdOK/lsEx0Oyq2ZOneSP/M6l1O0CrJK:F9alTa3HlgsNmN5Hl92q2oz3fOHrJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
381e353f1fa3e21dd0dded7347555a46_JaffaCakes118

Files

381e353f1fa3e21dd0dded7347555a46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8d9e73fcb6bd596c7fa9109af2408708

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

WindowFromPoint
LoadStringA
GetClientRect
SetWindowTextA
LoadIconW
RemoveMenu
DefWindowProcA

kernel32

HeapReAlloc
LoadLibraryExA
SizeofResource
DeleteFileW
GetModuleHandleA
MultiByteToWideChar
GetCommandLineA
GetCurrentProcess
GetSystemTime
DeleteFileA
GetProcAddress
FindFirstFileW
OpenEventA
GetProcessHeap
ExitProcess
LocalAlloc
SetEndOfFile
CreateDirectoryA
LoadLibraryA
GetSystemTimeAsFileTime
VirtualAlloc
HeapSize
FindFirstFileA
Sleep
VirtualFree
GetFileType

msvcrt

??0exception@@QAE@ABV0@@Z
_controlfp

advapi32

RegOpenKeyExA
OpenServiceW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ