3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118 | Triage

Sharing

General

Target

3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118
Size

133KB
MD5

3f6700f557b1e20eb8f647f79dacfa38
SHA1

429e2d5eb15694f5a0ec4ea1b1397a6fc769255b
SHA256

f47e4d46d4f3b2e197975cef55634dab7b8f13e8d0bdadab5f04f0ca5cbd0368
SHA512

8839e8b95a6aae7d6056d3e16fcd0287eba1ab1c21774fdf0f31f9ac20c52cb2827df7201f1d5eddaa8e9ea4624d4342ff625c6bce43d41e4576c1abd08e48ca
SSDEEP

3072:+kwfBWX/oJGBhKcXsqog9SFXOgT2i20y5PuhHDS/Vg:s+IksqofhKlaHDS/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118

Files

3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118
.exe windows:4 windows x86 arch:x86

681fb869c1498bb4da406c40e4ed7f13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA
Shell_NotifyIconA
SHFileOperationA
SHGetDesktopFolder

shlwapi

SHStrDupA
PathIsContentTypeA
SHDeleteKeyA

user32

CharUpperA
IsDialogMessageA
IsDialogMessageW
IsIconic
GetCapture
LoadCursorA
GetMenu
GetActiveWindow
GetFocus
IsRectEmpty
CharLowerA

gdi32

GetRgnBox

kernel32

ExitProcess
lstrcatA
HeapDestroy
GetStdHandle
VirtualQuery
GetLocalTime
GetLastError
VirtualAllocEx
CreateEventA
SetThreadLocale
VirtualAlloc
FormatMessageA
GetCommandLineA
FindResourceA
GetFileSize
CreateFileA
lstrlenW
SetEvent
GlobalDeleteAtom
GetFileType
lstrcpyA
GetThreadLocale
IsBadReadPtr

Exports

Exports

_qZK2pn
57BMR@12

Sections

.text
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ