70e016d36603caaceec0c5c8c945322d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70e016d36603caaceec0c5c8c945322d_JaffaCakes118
Size

177KB
MD5

70e016d36603caaceec0c5c8c945322d
SHA1

795f034b47f38a6347ba0831264f09e4b74350e7
SHA256

46c1dc852d905dad4a8aac93fb5488c66df0f129e6ebd9934fee1c789a22a83d
SHA512

875afa0ecc0536c86b4cf434a51df5b18b5c43ef0b72e9c327467f7db8990fad10994853ddef80574649b74249426303100afe6db97a2b0faaab7f615c26a8f6
SSDEEP

3072:wzdeY0Sz/+FGHFuqtebFu9mARpyXqmmQIQr3fFwB0QPfe7e6tJq6Vzy5:Gd7gmuwL9mARU1XIQzf60qfe7eCDz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70e016d36603caaceec0c5c8c945322d_JaffaCakes118

Files

70e016d36603caaceec0c5c8c945322d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99e1d4b071addad8856dc1b60b6bea90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

shlwapi

PathGetArgsW
PathSkipRootW
PathIsUNCW
SHRegGetValueW
StrDupW
PathFindFileNameW

kernel32

GetCurrentProcess
SetLastError
GetProcessId
GetFileAttributesW
GetCalendarInfoW
GetModuleHandleA
MultiByteToWideChar
GetLastError
SearchPathW
OutputDebugStringW
InterlockedExchange
LocalFree
lstrlenW
GetModuleFileNameW
CreateDirectoryW
SetEnvironmentVariableW
EnumResourceNamesA
GetModuleHandleW
DuplicateHandle
GetProcAddress
WideCharToMultiByte
InitializeCriticalSection
FreeLibrary
LocalAlloc
GetCurrentThreadId
VirtualProtect
OutputDebugStringA
GetCurrentDirectoryW
VirtualQuery
GetFileInformationByHandle
ExitProcess
lstrcmpiW
Sleep

ole32

CoGetDefaultContext
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoTaskMemFree

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ