Static task: static1
Behavioral task: behavioral1
Sample: f863b20be7e796f452ea201a4f12a5f4_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f863b20be7e796f452ea201a4f12a5f4_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: f863b20be7e796f452ea201a4f12a5f4_JaffaCakes118
Size: 177KB
MD5: f863b20be7e796f452ea201a4f12a5f4
SHA1: 2a6940013d2085fed552b02670a0ee4189d7c846
SHA256: f9f0663a1de2496697b6de9158425f50db99267ec981525d04daf0dcca732e84
SHA512: 17e58ad9f4a245fa7cf2ab06b3e9eba8fa448683330672ad9f6483a7429e124561f417a8d48ec70e595ec9ce2e498c72c689d0aa62861cae3fc1efcd9c457e52
SSDEEP: 3072:FssbqiYFLPZ1Ycux7cvykZIQeTKBzupWjPdkHDn/0Rkefz7jJ5nn8lSyx82p75MJ:CsGSNcvyvQ/cdjokefzXJtn8lSyx82ps
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f863b20be7e796f452ea201a4f12a5f4_JaffaCakes118
Files
f863b20be7e796f452ea201a4f12a5f4_JaffaCakes118.exe windows:4 windows x86 arch:x86
c5951dc454fc84e06e7145960f8b999e
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ole32: StgCreateDocfile, StgOpenStorage
msvfw32: ICOpen, ICClose, ICSendMessage, ICDecompress
user32: wsprintfA, wsprintfW
kernel32: InitializeCriticalSection, GetModuleHandleA, GetShortPathNameW, IsDebuggerPresent, LocalFree, LoadLibraryA, GetProcessTimes, DeleteCriticalSection, EnumResourceTypesA, UnhandledExceptionFilter, GetCurrentProcessId, SetUnhandledExceptionFilter, ExitProcess, CreateFileA, CloseHandle, GetProcAddress, GetCurrentThreadId, GetLastError, GetVersionExA
Sections
.text Size: 101KB - Virtual size: 100KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 884B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss Size: 73KB - Virtual size: 72KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata Size: 1024B - Virtual size: 244KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ