292b4ca9cc4d69e3087f1bcec3f16051_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

292b4ca9cc4d69e3087f1bcec3f16051_JaffaCakes118
Size

136KB
MD5

292b4ca9cc4d69e3087f1bcec3f16051
SHA1

ec4472d765a84544739d581684107b8fe1436a18
SHA256

13d03fb53cccffcc850b089a379ed69c68ced7039bd14cef1fbb287b3c168e74
SHA512

9bbe1f08fd99c5864ce5a20002bd77c7c9a1d4a7a7dae5894807803879fe12a7220ea6f8479b9f1a03d10fa0910cb21cbcb7dfb40e89abc46f9d5c46e1f23bef
SSDEEP

3072:PJYbs7Vkr6JINMKPu3skCCMk6w6hHd5m4D5Q:x/7VTr3ACfHAa4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292b4ca9cc4d69e3087f1bcec3f16051_JaffaCakes118

Files

292b4ca9cc4d69e3087f1bcec3f16051_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24b120ed9f83420fdc873201eab3c808

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

clusapi

CloseCluster

kernel32

WideCharToMultiByte
SetLastError
GetCurrentThreadId
FindResourceExA
EnterCriticalSection
GetVersionExA
GetLastError
TerminateProcess
InterlockedExchange
InterlockedCompareExchange
Sleep
CreateIoCompletionPort
MultiByteToWideChar
LoadResource
SizeofResource
GetModuleFileNameA
lstrcmpiA
EnumResourceNamesW
QueryPerformanceCounter
lstrlenA
GetModuleHandleA
lstrlenW
FindResourceA
RaiseException
LocalAlloc
ExitProcess
LockResource
CreateProcessA
GetCurrentProcessId
GetTickCount
LeaveCriticalSection
GetEnvironmentVariableA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCurrentProcess

user32

LoadStringW
LoadIconA
DestroyWindow
MessageBoxW
UnregisterClassA
CharNextA
LoadImageA
GetSystemMetrics
CharNextW

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ