70af6e25e0549f794eeaf255cb5af763_JaffaCakes118 | Triage

Sharing

General

Target

70af6e25e0549f794eeaf255cb5af763_JaffaCakes118
Size

285KB
MD5

70af6e25e0549f794eeaf255cb5af763
SHA1

ddc55e4f18027f01b06e0921ca3eb7df6d9517f8
SHA256

7a2ed84f9927c8e4ab548c6e6dd969962a79a931199ac67d410c57b857852e73
SHA512

c907c0cf6652a79f6a9774dbfc722f74726cb0253786d09fb1e75f997d7aa1fab352053353efd355d8fb7b3943502d9ce77d1e8ee56e943cbb87b8de93ba745e
SSDEEP

6144:6Ul6WH9PeIvBF/pIR9sEPs+djj0+g9xZnlBeli:wyXv7/wts+djQ+g9x7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
70af6e25e0549f794eeaf255cb5af763_JaffaCakes118

Files

70af6e25e0549f794eeaf255cb5af763_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5129903784d45d6b6643aeea02db8f1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GlobalGetAtomNameA
GetCPInfo
VirtualAlloc
GetLocaleInfoA
WriteConsoleA
TlsAlloc
HeapSize
GetTimeFormatA
RtlUnwind
GetDateFormatA
EnumResourceNamesA
GetOEMCP
GetConsoleOutputCP
TlsSetValue
GetACP
CreateDirectoryExA
MultiByteToWideChar
TlsGetValue
SetStdHandle
IsValidCodePage
SetFilePointer
RaiseException

rpcrt4

RpcStringFreeA

shell32

SHGetFolderLocation
DragAcceptFiles
SHGetFileInfoA
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetPathFromIDListA
SHGetDesktopFolder
ShellExecuteExA
SHGetMalloc
Shell_NotifyIconA

user32

DispatchMessageW
LoadStringA
CharNextA
GetDesktopWindow
MessageBoxA
DispatchMessageA
PeekMessageA
wsprintfA

Sections

.text
Size: 137KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ