fc8034de56341633f29ae81ac270b9bc_JaffaCakes118 | Triage

Sharing

General

Target

fc8034de56341633f29ae81ac270b9bc_JaffaCakes118
Size

287KB
MD5

fc8034de56341633f29ae81ac270b9bc
SHA1

30be16c3e4e908a80760e3652588a4721685e94d
SHA256

bd839030a526313dc365b4f43eebec68aba9684d36e5e3f6c2decd87e236d32c
SHA512

d5ee8b65d614f42d646f9af3c2ca8332faa2b6ef9e0f35b062062f57a02f2385d9983e627c6cce421a0eb774deb5c948927b2118760a118758c5103090fd95d4
SSDEEP

6144:Xf6Lg8gDnsD3YfaQsu39xN23T6ruCj06BtqkGY9hJRmKaB:uX3ELvNOT6qCj0YtqkRBQK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fc8034de56341633f29ae81ac270b9bc_JaffaCakes118

Files

fc8034de56341633f29ae81ac270b9bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df449db6a991ed94d9e839ad540efd36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

kernel32

GetStartupInfoA
GetCurrentProcess
GlobalFindAtomW
InterlockedCompareExchange
FoldStringW
QueryPerformanceCounter
GetLocaleInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
IsDebuggerPresent
GetTickCount
EnumResourceLanguagesA
GetCurrentThreadId
InterlockedExchange
GetPrivateProfileSectionW
GetCurrentProcessId
LocalAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetProcessHeap
TerminateProcess
DeleteFileW

oleacc

CreateStdAccessibleObject

shlwapi

GetAcceptLanguagesA
PathRemoveFileSpecW
PathIsRelativeW
PathFindExtensionW
PathCreateFromUrlW
UrlCreateFromPathW
StrCmpIW
UrlUnescapeW
PathAppendW
PathCombineW

Sections

.text
Size: 150KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ