f1e3c01e65700773d56e160175091dfa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1e3c01e65700773d56e160175091dfa_JaffaCakes118
Size

149KB
MD5

f1e3c01e65700773d56e160175091dfa
SHA1

15cdd9d5dd52f1f47aa34909d6e2ffbde7b27223
SHA256

40dc67fcd24c55c1d71747059067ad671ed40d7b4c813eac86bc492b0e59e3e6
SHA512

79e8abf3687ff9526a5040b8421b0e19a3c91b73cb2ae2a9633fc9fd4f5bf1fa25c251e260d3da30e402c81db0a707b41fef270d9c2b6ec6ba144f7f66d51c01
SSDEEP

3072:joCN7acW4zlFqPMIY4rjCOtNgSsJ9AIBvQVrawIvFyhvT0Qb:JZacXDqZ3jtNJZVBa5wJgs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1e3c01e65700773d56e160175091dfa_JaffaCakes118

Files

f1e3c01e65700773d56e160175091dfa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e651063e8f5dcca8b40e796e650d00b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateProcessA
WriteFile
SizeofResource
CreateFileA
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
FreeLibrary
ExitProcess
GetModuleHandleA
GetVersion
DeleteFileA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
HeapFree
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetFilePointer
SetEndOfFile
ReadFile
GetStringTypeW

shell32

ShellExecuteA

shlwapi

SHSetValueA

Sections

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ