b6cc2bb6cf2f0ce8dd6f45de0515bc90_JaffaCakes118 | Triage

Sharing

General

Target

b6cc2bb6cf2f0ce8dd6f45de0515bc90_JaffaCakes118
Size

94KB
MD5

b6cc2bb6cf2f0ce8dd6f45de0515bc90
SHA1

f56dbc0ec568a78ce3daef2117337ef4632b6120
SHA256

26827c1bd3c5933dfed1b971fe932907cd1914cd0df8e4c06c3f8753aab72c6c
SHA512

a5ce33bfad32cd9e6c6656a9a4b51fc5fcbc656ec8885a24a1cc010a02e0b34d3f5ac58bf249cadcdc0d81fce644d54cc0c8f30811ac2875770dbe706c004a2f
SSDEEP

1536:fQNHMsjm7SQCNH1an5f6wsMvgvC4ruQqZNrzLfn3faEWkXH7l6uS2x:4NHI7STH1an5f6wXvg64rJYN7fCV456j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6cc2bb6cf2f0ce8dd6f45de0515bc90_JaffaCakes118

Files

b6cc2bb6cf2f0ce8dd6f45de0515bc90_JaffaCakes118
.exe windows:5 windows x86 arch:x86

af84f9fc27b2b3739f2cd4d036662879

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadBitmapA
IsMenu
GetClassLongA
GetActiveWindow
IsCharLowerA
GetProcessWindowStation

shlwapi

ord29
StrCSpnA
UrlGetPartA
PathIsSameRootA
ChrCmpIA
StrPBrkA
StrStrW
UrlCompareA
PathIsRootW
PathGetDriveNumberA
StrCmpNW

kernel32

lstrcatA

Exports

Exports

?LormDelete@@YGXUverifyEw@CA7
?LormSelect@@YGXUverifyEw@CA7

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.one
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.void
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zero
Size: 1024B - Virtual size: 943B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.null
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ