Static task: static1
Behavioral task: behavioral1
  Sample: 487b21a4b84379d55db70681f37b91ab_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 487b21a4b84379d55db70681f37b91ab_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 487b21a4b84379d55db70681f37b91ab_JaffaCakes118
Size: 167KB
MD5: 487b21a4b84379d55db70681f37b91ab
SHA1: 3409530f678d9b05151ce58ec20b2a1711555893
SHA256: 2dcbacbd92ecb3300fee812d7a658603a883692ca365d96eaf0782512de21477
SHA512: 516c2b767c6b6f01c55710c8ac7bc1dd2969911dae3904834c6a925371901d807bedfb1d945868190764a13491cd5f57a36153340aec80ce59e709271cefa70c
SSDEEP: 3072:pvc43Y+4zpn2ObrrleACTV3HxGYjxznUuPAROMWWAxA4FbnGhr:p9Y+O5bY3V3RGA2uoPWWAqOG
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 487b21a4b84379d55db70681f37b91ab_JaffaCakes118
Files
487b21a4b84379d55db70681f37b91ab_JaffaCakes118.exe windows:4 windows x86 arch:x86
837e84744da1d8e7a68f39b7145f8f08
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: HeapFree, GetCurrentProcessId, TlsAlloc, VirtualAlloc, QueryPerformanceCounter, HeapReAlloc, SetLastError, HeapCreate, EnumSystemLanguageGroupsW, IsBadWritePtr, HeapAlloc, HeapDestroy, GetWriteWatch, VirtualFree, VirtualQuery, GetSystemTimeAsFileTime, TlsFree
shlwapi: PathAddBackslashW
shell32: SHChangeNotify, SHGetMalloc, SHGetPathFromIDListW
winmm: mciSendCommandA
oleacc: CreateStdAccessibleObject, AccessibleChildren
user32: SetWindowTextA, GetDlgItem, GetWindow, DestroyIcon, CreateWindowExA, LoadImageA, LoadStringA, GetParent
Sections
.text Size: 64KB - Virtual size: 64KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 397KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 99KB - Virtual size: 99KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ