5428f138a14e8fdf506f6bd0204fe090_JaffaCakes118 | Triage

Sharing

General

Target

5428f138a14e8fdf506f6bd0204fe090_JaffaCakes118
Size

67KB
MD5

5428f138a14e8fdf506f6bd0204fe090
SHA1

52568370c49b13b28ef36da2113d9679c05797f2
SHA256

ff14dcce14f73bfc787fe3875e9749163aae61be9144fd6be0bacb8ef09972ee
SHA512

b59f2b49990e726610d3dc1974008998cd5eb4b77f9f90d8067001d614a71c3cc1401523994ac72bb956deef5a49352d00dfe0b8beb0ff0ced8a1ff4bb2502d8
SSDEEP

1536:9lk1636gsaBOQCNH1an5f6wsMvVFCqiRJoxUim1xB:I1636sBOTH1an5f6wXvtyJsf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5428f138a14e8fdf506f6bd0204fe090_JaffaCakes118

Files

5428f138a14e8fdf506f6bd0204fe090_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f4ca392e83ad5074d041287885bd7a4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetClassLongA
IsCharLowerA
GetActiveWindow
IsMenu
LoadBitmapA
GetProcessWindowStation

kernel32

lstrcatA

shlwapi

StrCSpnA
ChrCmpIA
PathIsPrefixA
PathGetDriveNumberA
UrlGetPartA
UrlCompareA
StrPBrkW
PathIsSameRootA
PathMakePrettyA
StrToIntW
PathIsRootW

Exports

Exports

?LormDelete@@YGXUverifyEw@CA7
?LormSelect@@YGXUverifyEw@CA7

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.void
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zero
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.one
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.null
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ