30bcb892d2d0da79fc9ffaaca321b882_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30bcb892d2d0da79fc9ffaaca321b882_JaffaCakes118
Size

133KB
MD5

30bcb892d2d0da79fc9ffaaca321b882
SHA1

cf5efcee21674a5caac0512e9ca039a366a34dbb
SHA256

bf80a45f6b177c8965f7c95e88876e3783a6250f9cae00c49082ecf63d32027f
SHA512

a71172a20d45cb5a8b853e85d1d24968db604ee78f312ea769036512631627f1401c099ae2fdf0b2ba54fad391bbee3e51291c5eb0405e8192a2030934306f86
SSDEEP

3072:/Gov5fGR7okSkpltZBVL2/sOTKMg+SYe/wKbu3z:/GovibphBlU6XNYeYC0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30bcb892d2d0da79fc9ffaaca321b882_JaffaCakes118

Files

30bcb892d2d0da79fc9ffaaca321b882_JaffaCakes118
.exe windows:4 windows x86 arch:x86

476c672f1f3a225cf715fad09bacbc8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
ExitProcess
FileTimeToLocalFileTime
GetExitCodeThread
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStringTypeA
GetSystemTimeAsFileTime
IsDebuggerPresent
LoadLibraryA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree

user32

CharNextA
CreatePopupMenu
DestroyWindow
GetClientRect
GetDlgItem
GetParent
GetSystemMetrics
LoadIconA
MapWindowPoints
ReleaseDC
SendMessageA
SetWindowLongA
ShowWindow
SystemParametersInfoA

gdi32

CreateFontIndirectA
CreateHalftonePalette
CreateRectRgn
DeleteObject
SetStretchBltMode
SetTextColor

shell32

ExtractIconA
ExtractIconW
FindExecutableW
SHCreateDirectoryExW
SHFileOperationA
SHGetFileInfoW
SHGetPathFromIDList

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ