4a3543e6771bc78d32ae46820aed1391_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a3543e6771bc78d32ae46820aed1391_JaffaCakes118
Size

235KB
MD5

4a3543e6771bc78d32ae46820aed1391
SHA1

c41659957ae1ed5d1eea28b553af881c40ff24e6
SHA256

ea8c6a377c474bcf7c34f642b8f6829591761da5b32d7a92ba1570ae498fb31b
SHA512

8cc26927ea8c128973d66b848188cf0de662265f2f9b8c60f09161c1ceda466dbe44222d25d4df031870bc0c50d91ccc373962fe9e767ece2b4a56058b59dcd9
SSDEEP

3072:7bDRqanQiZUwTSqFU1yklcv+umttE0s53ctzv53wIZ992nWrOjDrA3d+il2oU:7nXhZUwTSqFYoLmFUcXT4J/E+v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a3543e6771bc78d32ae46820aed1391_JaffaCakes118

Files

4a3543e6771bc78d32ae46820aed1391_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8116f49d45d2fd55c990c058161bad0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

prieivatie.pdb

Imports

shlwapi

PathRemoveBlanksA
PathIsDirectoryEmptyA
PathIsDirectoryA
StrFormatKBSizeW
SHRegWriteUSValueW
PathGetDriveNumberA
UrlIsW

kernel32

OpenThread
SetMailslotInfo
FindVolumeClose
GetPrivateProfileIntW
GetBinaryTypeA
SizeofResource
FreeConsole
GetThreadContext
EnumResourceLanguagesA
VirtualAlloc
FillConsoleOutputCharacterW
SetEvent
GetDriveTypeA
DosDateTimeToFileTime
HeapAlloc
ClearCommBreak
WriteFileEx
InterlockedIncrement
OpenEventW
CreateTimerQueue
RemoveDirectoryW
GetProcessHeap
GetFileInformationByHandle
WritePrivateProfileStructA
SetVolumeMountPointW
GetVolumeInformationW
RequestDeviceWakeup
MapUserPhysicalPages
GetFullPathNameA
GetFileSize

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ