Static task
static1
Behavioral task
behavioral1
Sample
5c0e9bffb83bc327c22972ec2c4072e1_JaffaCakes118.exe
Resource
win7-20240705-en
General
Target
5c0e9bffb83bc327c22972ec2c4072e1_JaffaCakes118
Size
193KB
MD5
5c0e9bffb83bc327c22972ec2c4072e1
SHA1
70b271cc9fce8b7212d096aacd785024cc22b403
SHA256
8494a9cf0df039be07e9fdbf8ddb047d0c98f07c3638de23f8a33b34a89ccbba
SHA512
8e8229b58f0a431b3ba85cf325cdfb9864bb661b6d015ee79c46a035ca0757daa87543107fd1b438372b65e568c370811ff00ccc8e7462570fec5d0eee1fceba
SSDEEP
3072:CuPnUg/6f8IGm+oeSpGjq6tGXA2eDcJ1y8xkCkpMnpznJ0d7zy5oOut:NPYEEmSpmqRZeYJ11xkCkp00d/y5o
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 5c0e9bffb83bc327c22972ec2c4072e1_JaffaCakes118
Files
5c0e9bffb83bc327c22972ec2c4072e1_JaffaCakes118.exe windows:4 windows x86 arch:x86
aced7fffa8987597ba9157cd576056bc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsAlloc
GetAtomNameW
GetOEMCP
HeapSize
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
SetStdHandle
IsValidCodePage
MultiByteToWideChar
SetFilePointer
GetConsoleOutputCP
GetACP
EnumResourceNamesA
GetCPInfo
TlsGetValue
EnumSystemCodePagesA
HeapReAlloc
WriteConsoleA
VirtualAlloc
RtlUnwind
TlsSetValue
RaiseException
occache
FindControlClose
shell32
SHGetDataFromIDListW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
DragAcceptFiles
ShellExecuteExW
SHAppBarMessage
SHGetMalloc
Shell_NotifyIconW
Sections
.text Size: 95KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ