83419eea712182c1054615e4ec7b8cbe_JaffaCakes118 | Triage

Sharing

General

Target

83419eea712182c1054615e4ec7b8cbe_JaffaCakes118
Size

242KB
MD5

83419eea712182c1054615e4ec7b8cbe
SHA1

56c7c0929022a6caa6a22aa52683dd95c95dfaa2
SHA256

22e681906d77bef7ac343a41be08c40974e7eab45886ab47512855f24cc85eb8
SHA512

7d1d3d4f71027ad9394690b8af37191d61d460dc061e0aaf43ee0dc3dd09b5e97401c5c02d20058005d7c62590686bd1bd808b711eaa4ce0acf554dbac9b6675
SSDEEP

6144:fn+4qUh/gOx0H64s7rWyL0IaxZKTkznKn:NgOx0aH7rr0nxZKTkzy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83419eea712182c1054615e4ec7b8cbe_JaffaCakes118

Files

83419eea712182c1054615e4ec7b8cbe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8116f49d45d2fd55c990c058161bad0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nantietive.pdb

Imports

shlwapi

PathRemoveBlanksA
PathIsDirectoryEmptyA
PathIsDirectoryA
StrFormatKBSizeW
SHRegWriteUSValueW
PathGetDriveNumberA
UrlIsW

kernel32

OpenThread
SetMailslotInfo
FindVolumeClose
GetPrivateProfileIntW
GetBinaryTypeA
SizeofResource
FreeConsole
GetThreadContext
EnumResourceLanguagesA
VirtualAlloc
FillConsoleOutputCharacterW
SetEvent
GetDriveTypeA
DosDateTimeToFileTime
HeapAlloc
ClearCommBreak
WriteFileEx
InterlockedIncrement
OpenEventW
CreateTimerQueue
RemoveDirectoryW
GetProcessHeap
GetFileInformationByHandle
WritePrivateProfileStructA
SetVolumeMountPointW
GetVolumeInformationW
RequestDeviceWakeup
MapUserPhysicalPages
GetFullPathNameA
GetFileSize

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ