3978babb2823a7dc27658fb9a49fe560_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3978babb2823a7dc27658fb9a49fe560_JaffaCakes118
Size

172KB
MD5

3978babb2823a7dc27658fb9a49fe560
SHA1

51f3f707568f3e99c359b3a21af799c9b4d1104f
SHA256

c3b79a378daf25becb68986c22a3f5d8153875e194acc9b65bb47cbed3fe67a6
SHA512

149e84106a454e78e0b72399f70eb10e3078ab1e0b43bad2f6be5691bd17c35b6f6ab32eeb9a2392374d61010bf718dc55c5ee1b19a2ed98893893346dc7047b
SSDEEP

3072:YECpIGbg8p64ia+FEcFpx2Wtc779V5Xm/xoHTZ68YfNJjV2pYZqP:7g08pTEpx2WO5XHTZRisY8P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3978babb2823a7dc27658fb9a49fe560_JaffaCakes118

Files

3978babb2823a7dc27658fb9a49fe560_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8db7bf2adc01aa4795e532ca7f2d8da0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

GetCalendarInfoW
lstrcmpiW
SetLastError
OutputDebugStringW
ExitProcess
GetProcAddress
LocalFree
GetFileAttributesW
FreeLibrary
LocalAlloc
DuplicateHandle
GetModuleHandleA
InterlockedExchange
GetFileInformationByHandle
SetEnvironmentVariableW
CreateDirectoryW
EnumResourceNamesA
GetCurrentThreadId
GetCurrentDirectoryW
lstrlenW
VirtualQuery
InitializeCriticalSection
GetCurrentProcess
MultiByteToWideChar
SearchPathW
GetModuleHandleW
VirtualProtect
GetLastError
WideCharToMultiByte
GetProcessId
OutputDebugStringA
GetModuleFileNameW
Sleep

ole32

CoGetDefaultContext
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

shlwapi

PathGetArgsW
StrDupW
SHRegGetValueW
PathIsUNCW
PathSkipRootW
PathFindFileNameW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ