f61858e6612e0e91bb3d2a24cb2c3e90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f61858e6612e0e91bb3d2a24cb2c3e90_JaffaCakes118
Size

1.2MB
MD5

f61858e6612e0e91bb3d2a24cb2c3e90
SHA1

7d1863a54c42073857aa826c7ba46afde086468d
SHA256

cf3e1d4ab735874f0946402b3eb8f2fd208bf335424c83e2d44a32b4f492888c
SHA512

81b2aeb668e3f7cd25d8df1353ee94419ff4a37733b8688fbda64afc9866b2ca3641e9f59d2cf712625ded3e277293b98c211725ab8afbea359c0641891a5276
SSDEEP

24576:q7SX6jMFjd/Z1ljTeU8Fn7ZJ/gTW0fM9:q7SKjM3TlT8FAk9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f61858e6612e0e91bb3d2a24cb2c3e90_JaffaCakes118

Files

f61858e6612e0e91bb3d2a24cb2c3e90_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7b19d92d5840abc4324537366088eb19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

DllRegisterServer
ILSaveToStream
DragQueryPoint
ILCreateFromPath
ILRemoveLastID
RealShellExecuteExA
ExtractIconExA
DAD_DragLeave
PathIsExe
OpenAs_RunDLL
ILAppendID
DragQueryFileA
PathGetShortPath
DllInstall

kernel32

CreateFileA
SetFilePointer
UnmapViewOfFile
VirtualFree
GetProcessHeap
CloseHandle
MapViewOfFile
LeaveCriticalSection
OpenFileMappingA
ReadFile
WriteFile
CreateFileMappingA
WaitForSingleObject
ExitProcess
VirtualAlloc
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection

adsldpc

ADsGetNextColumnName
BuildADsParentPathFromObjectInfo
ADsCloseSearchHandle
ADsSetObjectAttributes
Component
FreeADsStr
ADSISetSearchPreference
ADsEnumClasses
ADsObject
ADsGetPreviousRow

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrcs
Size: 552KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ