04c618de2831533f9c786c08539d19ca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04c618de2831533f9c786c08539d19ca_JaffaCakes118
Size

363KB
MD5

04c618de2831533f9c786c08539d19ca
SHA1

027a9769916acb530148fba9cd8e59da7f2f52ef
SHA256

3e37361ea5765ab832ba6302752456e152ab5ab3038f233d64adb0ac996ae3f9
SHA512

2974632eb8f9d1e5255dbeed1292ce31629b9920979cbf0f3cc2e66bbfeadc2e09a76ffec6ed6752504c0fe655672097dfade2196a3b74c39533fb307594626f
SSDEEP

6144:NT854NgQwVsrvPSBHGeytGh0bgFfzDfpVdQbm1z4KVny1sRsjV7J1oyhuCrps:NTfOQwCjPS9GJGh+gt/D+bmZynV7mSps

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04c618de2831533f9c786c08539d19ca_JaffaCakes118

Files

04c618de2831533f9c786c08539d19ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ed34fd9c60e20aee922c94591f503da9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetLastError
SetLastError
VirtualProtect
Sleep
ReleaseMutex
GetTickCount
EnumResourceTypesA
GetExitCodeProcess
DeleteCriticalSection
LoadLibraryExW
GetComputerNameA
FreeConsole
GetDriveTypeA
CreateMutexA
TlsGetValue
GetModuleHandleA
GetDiskFreeSpaceExW
CloseHandle
GetCommandLineA

shell32

SHGetDiskFreeSpaceA
DragAcceptFiles
SHGetNewLinkInfo
SheChangeDirA
DragQueryFileA
SHGetSettings
SHGetMalloc
ShellMessageBoxA
ShellAboutA
SHFree
DragFinish
StrChrA
DllUnregisterServer

printui

bPrinterSetup
vQueueCreate
bFolderRefresh
bFolderGetPrinter
PnPInterface

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ