32ed73df106a4dd9ec006ce5f341b1cb_JaffaCakes118 | Triage

Sharing

General

Target

32ed73df106a4dd9ec006ce5f341b1cb_JaffaCakes118
Size

88KB
MD5

32ed73df106a4dd9ec006ce5f341b1cb
SHA1

c17f7bf9f633cfeea4f4de804a78346f03173d2d
SHA256

1211e82478bc7ec19385af35c6d380dce32972a8410e77f8abe76934335885be
SHA512

dcef689ca66916fc843ad6ae1f986a22d6d0edbddbf49884f7a615a5e8fb91aabb9ca3c4901bd0d3a790520ec211b17c42bb80ae88f35aad9525bc08cc37403f
SSDEEP

1536:AzH+lUFl01sLz35oXXpPmBwgPHa5Dt+1Wonb03U9uNw:AzHWUFK143SXW9PHS+A8Qo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32ed73df106a4dd9ec006ce5f341b1cb_JaffaCakes118

Files

32ed73df106a4dd9ec006ce5f341b1cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9903606c0645d0cdcee15bc944851627

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetDiskFreeSpaceExW
GetTickCount
ReleaseMutex
IsBadCodePtr
VirtualProtect
CloseHandle
GetDriveTypeA
FindClose
SetLastError
IsBadReadPtr
Sleep
FreeConsole
GetModuleHandleA
DeleteCriticalSection
TlsGetValue
GetCommandLineA
GetLastError
GetComputerNameA
EnumResourceTypesA

shell32

ShellAboutA
DragQueryFileA
SHFree
DragAcceptFiles
SHGetDiskFreeSpaceA
SHGetSettings
ExtractIconA
SHGetMalloc
DllUnregisterServer
DragFinish
StrChrA
ShellMessageBoxA
DuplicateIcon

printui

PnPInterface
vPrinterPropPages
vQueueCreate
bPrinterSetup
bFolderGetPrinter

advapi32

RegCloseKey

Sections

.text
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE