Static task
static1
Behavioral task
behavioral1
Sample
06d44c8c2a4799c31aeeeb0f66cee6e2_JaffaCakes118.exe
Resource
win7-20231129-en
General
Target
06d44c8c2a4799c31aeeeb0f66cee6e2_JaffaCakes118
Size
282KB
MD5
06d44c8c2a4799c31aeeeb0f66cee6e2
SHA1
f1560b67a8e0e30d40fd9f598281799a516e58ea
SHA256
2cf0f06225998fb06a2dd991277574d83a3e1566181edd8bcf56840146d2316b
SHA512
890d743a98711cf5a55ab6a58e555f06321887a0daaf10444eebd5b93b0c770377c4634fbca78fe9efac711b9e1f03ff4da33415fc5f7c12334ff65de7e628ac
SSDEEP
6144:Z0mTmnVaKf0pALLPd6H0Ldit1SVadGvowQ/pJUJlowL:+Vc4uALLjW1gowujQlowL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06d44c8c2a4799c31aeeeb0f66cee6e2_JaffaCakes118
Files
06d44c8c2a4799c31aeeeb0f66cee6e2_JaffaCakes118.exe windows:4 windows x86 arch:x86
a89b9d98442d468ce1f120ed2f27e287
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RtlUnwind
GlobalGetAtomNameA
GetConsoleOutputCP
TlsAlloc
TlsGetValue
HeapSize
HeapReAlloc
WriteConsoleA
SetStdHandle
GetTimeFormatA
GetACP
MultiByteToWideChar
EnumResourceNamesA
GetDateFormatA
CreateDirectoryExA
GetLocaleInfoA
TlsSetValue
IsValidCodePage
GetCPInfo
VirtualAlloc
SetFilePointer
GetOEMCP
RaiseException
rpcrt4
RpcStringFreeA
shell32
SHGetFolderLocation
SHBrowseForFolderA
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetMalloc
DragAcceptFiles
ShellExecuteA
SHGetDesktopFolder
SHAppBarMessage
SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA
user32
PeekMessageA
MessageBoxA
LoadStringA
DispatchMessageW
GetDesktopWindow
CharNextA
DispatchMessageA
wsprintfA
Sections
.text Size: 125KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ