Static task: static1
Behavioral task: behavioral1
Sample: 5e3cebb136d7f4439585e334bb7bd850_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: 5e3cebb136d7f4439585e334bb7bd850_JaffaCakes118
Size: 279KB
MD5: 5e3cebb136d7f4439585e334bb7bd850
SHA1: 18884adca2c9068a11da65d395da1893b00b5a50
SHA256: 357ba0334fd90890901fa9cdc1011a4a2b1fc2ed5d1d4e388b904366264f7231
SHA512: 6bef4e904fe8d13a0db3d158e4787e7bf906161c3e408421bc3e854081140a080f5debc91d0fcb526e1eafc5cbd621a310043bc4a7725295596e61fff1fca0a5
SSDEEP: 6144:VKio1vdoxw47AzGjTOCCOJ2t/xFwK9uUHtpW9J/UXjN:V5MdoTAoiCCS2t//wK9uUHgtUXj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e3cebb136d7f4439585e334bb7bd850_JaffaCakes118
Files
5e3cebb136d7f4439585e334bb7bd850_JaffaCakes118.exe windows:4 windows x86 arch:x86
db94344cdcad50707f8003bb6c77c405
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsGetValue
HeapReAlloc
GlobalGetAtomNameA
VirtualAlloc
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
GetTimeFormatA
RtlUnwind
GetCPInfo
EnumResourceTypesW
GetACP
GetDateFormatA
HeapSize
SetStdHandle
TlsAlloc
TlsSetValue
GetUserGeoID
SetFilePointer
IsValidCodePage
GetOEMCP
GetLocaleInfoA
RaiseException
user32
DispatchMessageW
CharNextA
LoadStringA
MessageBoxA
GetDesktopWindow
DispatchMessageA
PeekMessageA
wsprintfA
rpcrt4
RpcStringFreeA
shell32
SHGetUnreadMailCountW
ShellExecuteExA
SHGetPathFromIDListA
SHGetFileInfoA
SHBrowseForFolderA
SHAppBarMessage
DragAcceptFiles
Shell_NotifyIconA
Sections
.text Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 149KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ