49fd22f7816c858fa7a8f20d9d9d3207_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49fd22f7816c858fa7a8f20d9d9d3207_JaffaCakes118
Size

131KB
MD5

49fd22f7816c858fa7a8f20d9d9d3207
SHA1

07bce51e3f330fe49aa3a49efc640a640ad1a23d
SHA256

14ae4fdf34991fdb7a493bb71a3839df45cfa965a5712de2e5dda9b647b8a892
SHA512

880e8294b3a64c95c4007993e5c4c031de15f4df84b0716cceaf9c71babfb1ce2635e5db7152c1c6f3fcc286f836baa691404951ad5977e4aefe7b8f8d45f7a8
SSDEEP

3072:wQFHCS3oIU157MVbHtLnWWyqMdyrOjUlrCOTzffu6J2N7o9Y:wQwS9tHtD3bMdGuIz3u22N+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49fd22f7816c858fa7a8f20d9d9d3207_JaffaCakes118

Files

49fd22f7816c858fa7a8f20d9d9d3207_JaffaCakes118
.exe windows:4 windows x86 arch:x86

800920539297009554cb80c35e3695f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

ReleaseStgMedium
CoUnmarshalInterface
StgOpenStorage
CoDisconnectObject
CoCreateFreeThreadedMarshaler

shlwapi

PathGetCharTypeA
PathIsContentTypeA
SHQueryInfoKeyA

kernel32

VirtualAllocEx
LoadLibraryA
GetDateFormatA
GetCommandLineW
GetCurrentThreadId
IsBadHugeReadPtr
GetDiskFreeSpaceA
ExitProcess
GetEnvironmentStrings
GetFileAttributesA
GetFileSize

gdi32

GetClipBox
CreateDIBitmap
GetPaletteEntries
SelectPalette
GetPixel
GetBkColor
SetPixel
GetTextAlign
CreateDIBSection

user32

IsDlgButtonChecked
EnableWindow
GetMenu
CreateMenu
GetMessagePos
GetScrollInfo
GetPropA
GetParent

Exports

Exports

BZwt7huAvh7
_hesfXmT2
_Za1mnA_SRHSSH
ZhPnlcm1W_@8
_7Y5hBarb1rra5

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ