287d7ec582edbfd6c779db02ac8f4068_JaffaCakes118 | Triage

Sharing

General

Target

287d7ec582edbfd6c779db02ac8f4068_JaffaCakes118
Size

108KB
MD5

287d7ec582edbfd6c779db02ac8f4068
SHA1

05a8fd55f67ae4360f87afad2aa3e050a1345c95
SHA256

d9d26232c5bc6a2f6f49dd1e95dd8e0f71b8653f51ac751702aedf94011980ec
SHA512

7d2fa3c5767c8fc0947bfdc4cdc984fd47364d05c497c3cff3cf99f77ec8364ad468d4b15b5a9f41f54a4e76a9c836ae1e5fc07ecbc4d06c0dd0d957c9060960
SSDEEP

1536:rxfBFMUy9wFoT7GFNbaEpFtNVz+EPFoa8SMA+5U/3bt84A5iZmJih3Czl:rxfBFZFoTiFs8fPz+EPFoJUf7A5i1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
287d7ec582edbfd6c779db02ac8f4068_JaffaCakes118

Files

287d7ec582edbfd6c779db02ac8f4068_JaffaCakes118
.exe windows:8 windows x86 arch:x86

b4164bd653c757070f0d88020b245cb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

icm3rspl

EnterCriticalSection
CreateNamedPipeA
PathIsExe
DragQueryPoint
HeapFree
HeapSetInformation
RealShellExecuteA
FreeIconList
WaitForSingleObject
ReadFile
FreeResource
SetThreadUILanguage
LeaveCriticalSection
SetNamedPipeHandleState
HeapAlloc
InitializeCriticalSection
ILIsEqual
LockResource
CreateFileA
ILSaveToStream
EnumResourceLanguagesA
LoadResource
GetCurrentThread
HeapCreate
OpenThread
SetFilePointer
IsLFNDriveA
FindResourceA
CallCPLEntry16
ConnectNamedPipe
HeapDestroy

kernel32

GetProcessAffinityMask
CreateEventA
SetThreadIdealProcessor
GetTickCount
GetSystemInfo
GetCurrentProcess
SetProcessAffinityMask
ExitProcess

Sections

.text
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ