Static task: static1
Behavioral task: behavioral1
Sample: 394895824af7d4cf493141e4200684c5_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 394895824af7d4cf493141e4200684c5_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 394895824af7d4cf493141e4200684c5_JaffaCakes118
Size: 13KB
MD5: 394895824af7d4cf493141e4200684c5
SHA1: a08085635641b18c50bfd60f8f44e79069179601
SHA256: b1f80380efe1d84a48d4449c115ff981bfcccf212f2eb68c3672a446875e2f09
SHA512: 380a394f4ecf3d2542309640147d17e57cc0ba5163755dde0d32c5dd030ef7b98ab708aa5c2cdefe5b29b59f2b5837fb38ef009247656f5bbe9a4de118212ac9
SSDEEP: 384:4zvBIVnZfDDYSXQxRmKEjvWWWRt94NiDwZ1jkPR:hLRzdWRbHDwZmP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 394895824af7d4cf493141e4200684c5_JaffaCakes118
Files
394895824af7d4cf493141e4200684c5_JaffaCakes118.exe windows:4 windows x86 arch:x86
0d6e81759d3d86858e07a6c79f2d57c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
Shell_NotifyIconA
kernel32
GetModuleHandleA
CloseHandle
ReadFile
GetFileSize
CreateFileA
HeapFree
WriteFile
HeapAlloc
GetProcessHeap
lstrcatA
ExitProcess
lstrlenA
CopyFileA
CreateThread
CreateProcessA
GetLastError
CreateMutexA
OpenMutexA
CreateDirectoryA
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
GetModuleFileNameA
GetWindowsDirectoryA
advapi32
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
user32
TranslateMessage
GetMessageA
CreateWindowExA
Regi
Di
SendMessageA
DefWindowProcA
Po
LoadCursorA
LoadIconA
urlmon
URLDownloadToFileA
shlwapi
PathFileExi
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 506B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ