28b1bc6f080223afbcc29fa11c780b5a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28b1bc6f080223afbcc29fa11c780b5a_JaffaCakes118
Size

50KB
MD5

28b1bc6f080223afbcc29fa11c780b5a
SHA1

982a1bcb642574806da0caffe5a8575d8ac3ef90
SHA256

9e52b5228d84ad3c2abf76b5060162f3b601ce984269afb67c73b88635255257
SHA512

acb338eb9b4b8977c83fa3fe38ae1c97e2e3e59bed9a336830a5d632357c5cc081e08bece0b02598069df016487ea6f54fd5bdc98046bc1e9343c63dd2c6572c
SSDEEP

384:9LgubgqUMNeLNek+vD+5giEyV/X/diEDc30IlT3y6iIEQUOFgj:Ju0yrOjT34IEogj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28b1bc6f080223afbcc29fa11c780b5a_JaffaCakes118

Files

28b1bc6f080223afbcc29fa11c780b5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb3e5b467d84bf8e64f2f8f6987a32b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
LoadLibraryExW
GetCommandLineA
CloseHandle
CreateMutexA
GetDriveTypeA
GetTickCount
EnumResourceTypesA
ReleaseMutex
FindClose
SetLastError
DeleteCriticalSection
GetDiskFreeSpaceExW
GetLastError
GetModuleHandleA
VirtualProtect
TlsGetValue
GetExitCodeProcess
GetComputerNameA
Sleep

shell32

ShellAboutA
SHFree
DuplicateIcon
ShellMessageBoxA
ExtractIconA
SHGetDiskFreeSpaceA
DragFinish
DllUnregisterServer
DragQueryFileA
DragAcceptFiles
StrChrA
SHGetMalloc
SHGetSettings

printui

bPrinterSetup
bFolderGetPrinter
vPrinterPropPages
vQueueCreate
PnPInterface

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ymgwofy
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE