fbf051aae49df5df85135777f9c4e067_JaffaCakes118 | Triage

Sharing

General

Target

fbf051aae49df5df85135777f9c4e067_JaffaCakes118
Size

180KB
MD5

fbf051aae49df5df85135777f9c4e067
SHA1

282f19cdc28d75e4fae0fb0a1384a5e189065883
SHA256

76953bb546b98caa43033510fe78df1c05613d0dd4ba0a9643e6fb0a8a722e40
SHA512

bd634044afb01d4caeea3e4e96b6c8a6b27d1fee9474d28a39c4f6e905b4e800d28dd4b1dce5a6b9ff8a80a91e239601cf967ff2b5bd24200f07b1b84c064ea7
SSDEEP

3072:6woysfs2//cG0tIVe0rPar1CpXX1vsQKiAq0Q05XX1bRoPJcVOGx4N:6woFPh0r0rs1CpXFvsQel5VaiOGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbf051aae49df5df85135777f9c4e067_JaffaCakes118

Files

fbf051aae49df5df85135777f9c4e067_JaffaCakes118
.exe windows:4 windows x86 arch:x86

226342e2b83fc9bfac11ebb6d7ba80f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

mciSendCommandA
sndPlaySoundA

user32

IsWindow
SetWindowLongA
SetCursor
GetDlgItem
SetWindowPos
GetSysColor
FillRect
MoveWindow
GetDC
ReleaseDC
LoadCursorA
GetWindowInfo
ReleaseCapture
GetWindowLongA
SetCapture

kernel32

SetTapePosition
Sleep
ClearCommError
GetLocalTime
InterlockedExchange
GetCurrentProcessId
EnumResourceNamesA
GetVersion
FindClose
FatalExit
GetWindowsDirectoryA
FindFirstFileA

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ