e74886b56828724381864cbd4a02d970_JaffaCakes118 | Triage

Sharing

General

Target

e74886b56828724381864cbd4a02d970_JaffaCakes118
Size

173KB
MD5

e74886b56828724381864cbd4a02d970
SHA1

b7c867ec52da12c73047b7e6ddbc43e92ca439df
SHA256

1a0e4e1a66c8074e7c5120134f24b6eb31af3c461aedcc09d6e46be661be5664
SHA512

2979afee4da2612fe8e1dc33f8e07326324b282e058ad1600a303dc1fc8802805424e64326c5ad6d48580da5121c00505078a4b608af8a7567241a604e2ee0ef
SSDEEP

3072:ct4uQ++kNoWKAjL5S+QNGS0CjBYP3TB4yHYMJwD28/HMZwF59Pi2:ctRFIAwjHX9YPiIY9SMEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e74886b56828724381864cbd4a02d970_JaffaCakes118

Files

e74886b56828724381864cbd4a02d970_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72f81989c1854914a147925a4fec9445

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

LresultFromObject

kernel32

AddAtomW
PrivMoveFileIdentityW
CreateMutexA
CloseHandle
DeleteAtom
OpenProcess
GetProcAddress
VirtualAlloc
VirtualFree
WaitForSingleObject
lstrcpynW
GetModuleFileNameW
GetSystemTime
CreateDirectoryW
GetProcessId
WriteFile
CreateFileW
DuplicateHandle
GetFileAttributesA
GetFileAttributesW
CreateEventA
LoadLibraryExW
EnumResourceTypesA
MoveFileW
OutputDebugStringW
ProcessIdToSessionId
ExitProcess
GetUserDefaultUILanguage
ReleaseMutex
CreateFileMappingA
SetEvent
LoadLibraryA
SystemTimeToFileTime
MapViewOfFile
UnmapViewOfFile
GetStdHandle
LoadLibraryW
FindAtomW

user32

GetDC
MessageBoxW
RegisterClassExW
GetUpdateRgn
CreateWindowExW
GetWindowInfo
LoadCursorW
EndDialog

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ