0bf2eb22e8cf783d4b7811a6c0f27989_JaffaCakes118 | Triage

Sharing

General

Target

0bf2eb22e8cf783d4b7811a6c0f27989_JaffaCakes118
Size

252KB
MD5

0bf2eb22e8cf783d4b7811a6c0f27989
SHA1

b55e206b2bed8b89040f08a1f072fc28f123e311
SHA256

f2bdc72bf32aeab3d10c042ba723cfe69068ba2a8581452ec4cfe899f00e3786
SHA512

daff2472f1e04a0ad760f13b14377b507ced8fff2611f777cca6ddd8e627b163014e1ae6472d00ecaf94ec6e67a20260eca576eddc49edbc1e9cfec2c2c2d402
SSDEEP

3072:GZEvzzw9LOg/bK9M4DIjV9Eh5oje8TvUaoaGEj8b5lzZLHk6z8mHrGR1vom/mg+0:G0wvbWMXj7EjivTME0H+6zVaDmg+aJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bf2eb22e8cf783d4b7811a6c0f27989_JaffaCakes118

Files

0bf2eb22e8cf783d4b7811a6c0f27989_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a6da6eeb9f7a3424b6d21b14633bfe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragFinish
SHFileOperationW
DragQueryPoint
SHAlloc
FindExecutableA
PathIsSlowA
DragQueryFileA
ShellExecuteW
SHEmptyRecycleBinW
ShellMessageBoxA
SHGetDataFromIDListW
SHGetFileInfoW
StrChrW
ExtractIconW
ShellAboutA
SHDefExtractIconW
SHEmptyRecycleBinW

resutils

ResUtilGetBinaryValue
ClusWorkerCreate
ResUtilDupString
ClusWorkerStart
ClusWorkerTerminate

kernel32

GetStartupInfoA
ReplaceFileA
GetProcAddress
GetModuleHandleA
OpenFileMappingA
lstrcpynA
WaitForSingleObject
HeapAlloc
CreateJobObjectA
OpenJobObjectA
CreateFileA
UpdateResourceA
GetFullPathNameA
QueryDosDeviceA
MoveFileExA
CreateDirectoryW
GetLongPathNameA
CopyFileW
lstrcmpiW
SetCurrentDirectoryW
SetFilePointer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ