Static task: static1
Behavioral task: behavioral1
  Sample: 4b61aabca99cafcb6b257ebc3ba7c19c_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 4b61aabca99cafcb6b257ebc3ba7c19c_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
  Target: 4b61aabca99cafcb6b257ebc3ba7c19c_JaffaCakes118
  Size: 169KB
  MD5: 4b61aabca99cafcb6b257ebc3ba7c19c
  SHA1: e0b8c29d761e13a400e2b29f2a7df3975eeb00cd
  SHA256: ea6d23f9c0b3337182f8a887d75e5ba2e36ba27de092f61e2a9a0f08a8dccdf5
  SHA512: 789ffbabc824212a28efb81de438020d742b4590f92a1d99b999c20497ffa8139c886e96ef876a09811c9de7ad0f15acce542f045bf10338d18026160808f6d6
  SSDEEP: 3072:6JT/U4nkdxxF7emMPfAES5yAFZRIWKN+c9L6aqNcwn9s0TBn8CnTIBGCqWpy:AknPKmKAzoAx3KNOcw9s2/n5e
Malware Config
Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: 4b61aabca99cafcb6b257ebc3ba7c19c_JaffaCakes118
Files
4b61aabca99cafcb6b257ebc3ba7c19c_JaffaCakes118.exe windows:4 windows x86 arch:x86
4a8e2035c4e81d6f594d17653dd1c058
Headers
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32
    HeapReAlloc
    HeapFree
    HeapCreate
    VirtualAlloc
    GetCurrentProcessId
    HeapDestroy
    SetLastError
    VirtualFree
    TlsAlloc
    EnumSystemLanguageGroupsW
    HeapAlloc
    QueryPerformanceCounter
    GetWriteWatch
    GetSystemTimeAsFileTime
    IsBadWritePtr
    VirtualQuery
    TlsFree
  shlwapi
    PathAddBackslashW
  shell32
    SHChangeNotify
    SHGetMalloc
    SHGetPathFromIDListW
  oleacc
    CreateStdAccessibleObject
    AccessibleChildren
  user32
    SetWindowTextA
    LoadStringA
    GetWindow
    CreateWindowExA
    DestroyIcon
    GetDlgItem
    LoadImageA
    GetParent
  winmm
    mciSendCommandA
Sections
  .text Size: 65KB - Virtual size: 65KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata Size: 1KB - Virtual size: 397KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data Size: 101KB - Virtual size: 100KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc Size: 512B - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ