fa48a2706898fc238c0696139a979802_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa48a2706898fc238c0696139a979802_JaffaCakes118
Size

178KB
MD5

fa48a2706898fc238c0696139a979802
SHA1

977f7f912b33a0f3c987c733828038ba3b567b3c
SHA256

dc741470bd9ee7420a7232dbb462bba0fa5bc69adb7d3eeb2983cdf5668621c8
SHA512

1db779133018cd78bfdbeae0493bcb78d95d232a8f7b3b676f2ae399d115590b938b2d0cd1467e214b70855c86ee1fe6c2eb4394ba2611bdf4592578a61439d6
SSDEEP

3072:It1D9IicO6bngWuQxy5aHebKx+TzASXq0chnQETgb:It1BcvbnAX0EKx+PASXq1nQETg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa48a2706898fc238c0696139a979802_JaffaCakes118

Files

fa48a2706898fc238c0696139a979802_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7dbf7480dc4175b2eda12f632e41cb6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameW
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadWritePtr
MultiByteToWideChar
IsBadReadPtr
GetProcessTimes
LoadLibraryA
GetCurrentThreadId
GetThreadLocale
DeleteCriticalSection
UnhandledExceptionFilter
EnumResourceTypesA
CloseHandle
GetProcAddress
GetLastError
FreeLibrary
lstrlenA
ExitProcess
GetModuleHandleA
lstrlenW
IsDebuggerPresent
WideCharToMultiByte
CreateFileA
GetCurrentProcessId
LocalFree
GetVersionExA

ole32

StgCreateDocfile
StgOpenStorage

user32

wsprintfA
wsprintfW

msvfw32

ICOpen
ICClose
ICSendMessage
ICDecompress

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ