26a82ca50df8e029177a36e0837c0654_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26a82ca50df8e029177a36e0837c0654_JaffaCakes118
Size

177KB
MD5

26a82ca50df8e029177a36e0837c0654
SHA1

21c7d8d722d29c0111b9687d4c37128a873436d2
SHA256

2729d9d18fa7ba0dad2625a6cea371039df23ff0688f015a9c72aba8c9cde35c
SHA512

a2d07b844a3630903728412231c9c75cff663a21ebe89bf97dc6d7ca5add1d3b8f2d93fbf5e0a831f9516797d05a28f13cc068e0cb2c9ec9659c89611925dffc
SSDEEP

3072:44dd+yiqpxGtMh/EcpV00DQDBkF9mvYPumT3SgpHwqE8CgwP2flumtb+Me7:443Oe+5cpV9c1AukHw9ZPIlu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26a82ca50df8e029177a36e0837c0654_JaffaCakes118

Files

26a82ca50df8e029177a36e0837c0654_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c37ff086688d8a6744b45c07c9cb794b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
wsprintfW

ole32

StgCreateDocfile
StgOpenStorage

msvfw32

ICSendMessage
ICOpen
ICClose
ICDecompress

kernel32

GetProcAddress
GetShortPathNameW
FreeLibrary
GetModuleHandleA
SetUnhandledExceptionFilter
InitializeCriticalSection
GetProcessTimes
lstrlenA
GetCurrentProcessId
DeleteCriticalSection
IsBadWritePtr
GetCurrentThreadId
EnumResourceTypesA
lstrlenW
LoadLibraryA
UnhandledExceptionFilter
CreateFileA
GetLastError
MultiByteToWideChar
IsBadReadPtr
ExitProcess
WideCharToMultiByte
CloseHandle
LocalFree
GetThreadLocale
IsDebuggerPresent
GetVersionExA

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ