298e58ca40b026bffcaeb872f8ea9c9e_JaffaCakes118 | Triage

Sharing

General

Target

298e58ca40b026bffcaeb872f8ea9c9e_JaffaCakes118
Size

156KB
MD5

298e58ca40b026bffcaeb872f8ea9c9e
SHA1

a7f016d869ecb8b5cb4e7b4f08f8c024a06e5213
SHA256

fb7cc6596333947037fbc5ea540acc002ee93d622392fbbfcd5504a145c47853
SHA512

2e586f6669073887bd2c987b7647f51fe397b299db4c058d16a4cf7a5754223b6e7a911c9c04877a2df338fe11436b1c87f5dad9aa18555dec87e130727c0401
SSDEEP

3072:NOnaemr+5v+vd3fqFHmDFRSCzzC7i/2pZnh6YJr41ZIpU9x0q:NOap+EvxqFHmxRVz6g2p1h6YJscz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
298e58ca40b026bffcaeb872f8ea9c9e_JaffaCakes118

Files

298e58ca40b026bffcaeb872f8ea9c9e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c00154708a75c976aa78f04e700c9606

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
OutputDebugStringA
GetVersion
HeapCreate
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
GetProcessHeap
VirtualFree
HeapFree
InterlockedIncrement
HeapAlloc
SetErrorMode
lstrcpyA
GetCurrentProcess
TerminateProcess
RtlUnwind
VirtualQuery
IsDebuggerPresent

shell32

SHGetFolderPathA

comctl32

ImageList_Copy
ImageList_Remove
ImageList_Create
ImageList_SetIconSize
ImageList_Read
ord17
ImageList_DrawIndirect

shlwapi

PathAppendA

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ