f5a957e969adedecab3fd2083f4ac7a7_JaffaCakes118 | Triage

Sharing

General

Target

f5a957e969adedecab3fd2083f4ac7a7_JaffaCakes118
Size

158KB
MD5

f5a957e969adedecab3fd2083f4ac7a7
SHA1

1bc765ce0b2615235e7b3f2268c2953dfad1936c
SHA256

24cd69176ce9d6d10d771747191e41571e40f3e0ceac460722a139593f76c595
SHA512

4c9d6db5d5deb2e4923f1e2343bd260e37e15c33d6bc63a4fc165c5fdf69216bb9a079b938b8891c08cd5dfe428dca2bb897c3ca2422a3c68cb87f899ff978c4
SSDEEP

3072:YlU6ydqWNy0J2TlQ2tEb94PmszQFGFt6pQHwyPaTyqfG:YWNdlNts+pGtGfQZPaTFO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5a957e969adedecab3fd2083f4ac7a7_JaffaCakes118

Files

f5a957e969adedecab3fd2083f4ac7a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dbb476f31b13135c31fef78d2ec8a14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextColor
GetBkColor
GetMapMode
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetTempPathW
SetLastError
WaitForSingleObject
GetFileAttributesA
HeapSetInformation
GlobalFree
DeleteCriticalSection
GetTickCount
MultiByteToWideChar
lstrlenA
GlobalHandle
FormatMessageW
InterlockedDecrement
InterlockedIncrement
CreateFileW
CloseHandle

oleaut32

VariantInit
DispGetIDsOfNames
VarUI4FromDec
SysFreeString

Sections

.text
Size: 86KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ