627e8d15bd800452c89c753e757bb339_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

627e8d15bd800452c89c753e757bb339_JaffaCakes118
Size

171KB
MD5

627e8d15bd800452c89c753e757bb339
SHA1

2b9404ec4a0b881ded349c026aa6e666a77b6f07
SHA256

eb5968d7eededee8a4015d539564b136c9dcad5e8f787cdf39e7da730f1f6284
SHA512

92d02fe60cc9b9be96551558ce86f4207d78e9638b27803312eaffdaec03c194fcf4f6ffad6d7f6529df13b42bb64f1a2db068ceaf8f0fee01b2e70c78675a87
SSDEEP

3072:MheCBFyGa+SyzMWt07hYQJZYq4zEzmyho0aJc2yqu6Wxq7i/loqkFz:MBKoP07iQHxzEva2yqu6yq7ixG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
627e8d15bd800452c89c753e757bb339_JaffaCakes118

Files

627e8d15bd800452c89c753e757bb339_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd14067e1d8f68d3f47a5c542a924c20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
GetDateFormatA
GetLocaleInfoA
GetTimeFormatA
MultiByteToWideChar
VirtualAlloc
GetCPInfo
TlsSetValue
GetACP
HeapReAlloc
TlsAlloc
SetStdHandle
EnumResourceNamesA
GetConsoleOutputCP
TlsGetValue
IsValidCodePage
SetFilePointer
CreateHardLinkA
RtlUnwind
GetOEMCP
HeapSize
WriteConsoleA
RaiseException

user32

PeekMessageA
CharNextA
DispatchMessageW
LoadStringA
DispatchMessageA
GetDesktopWindow
MessageBoxA
wsprintfA

rpcrt4

RpcStringFreeA

shell32

SHGetFolderLocation
SHGetSpecialFolderLocation
ShellExecuteA
SHBrowseForFolderA
SHGetFileInfoA
DragAcceptFiles
SHGetDesktopFolder
ShellExecuteExA
SHGetPathFromIDListA
SHGetMalloc
SHAppBarMessage
Shell_NotifyIconA

Sections

.text
Size: 83KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ