12cdcd04c12b40b09589b05d99d94cf1_JaffaCakes118 | Triage

Sharing

General

Target

12cdcd04c12b40b09589b05d99d94cf1_JaffaCakes118
Size

310KB
MD5

12cdcd04c12b40b09589b05d99d94cf1
SHA1

ad3a23c0c57a1286f20fc8eb643f67aaca14f5ad
SHA256

605f755b6a06ad8f7cf0240a4b549079bdf551dde3509ea0d7feb84da92e4054
SHA512

69ea778f5d92bc16ba6ad355c4c2c3c594b606c7a8eb073ee2d1484987479e1d35b6472fc047113e378c829c1eb01064c6bfe941e15dc955d8220ba881137180
SSDEEP

6144:/6LAQCSfo8QH+NF6AbrBMQJ0pyx2KqsZfrPNQkAjreFAAq:/6LAQtAuNkw5gwfrPEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12cdcd04c12b40b09589b05d99d94cf1_JaffaCakes118

Files

12cdcd04c12b40b09589b05d99d94cf1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2e1b763a86c25033e6b08593a71761b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeviceIoControl
GetFileAttributesA
OpenMutexA
GetCurrentThread
GetDriveTypeA
GetStringTypeA
DeleteFileA
HeapDestroy
lstrlenA
HeapFree
GetCurrentProcess
LoadLibraryA
LocalLock
FindVolumeClose
VirtualProtectEx
GetPrivateProfileSectionA
GetVersionExW
CreateEventW
CloseHandle
GetStdHandle
GetPrivateProfileIntW

shell32

DragFinish
ShellAboutA
ShellMessageBoxA
DragAcceptFiles
DllUnregisterServer
SHGetMalloc
SHGetMalloc
ExtractIconA
SHFree
DragQueryFileA
SHGetSettings
StrChrA
DuplicateIcon

odbccp32

SQLGetAvailableDrivers
SQLInstallODBC
SQLConfigDataSource
SQLInstallDriver

msasn1

ASN1BERDecBool

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ