7878efac610d50f41132ab896a9a4088_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7878efac610d50f41132ab896a9a4088_JaffaCakes118
Size

156KB
MD5

7878efac610d50f41132ab896a9a4088
SHA1

7a9cd6e575551c7d8e1bfbae5d6cdbb85e56a239
SHA256

66f29709475976cfa80a79f0d2a365ab6578747cd5873779622b7cba43f37aed
SHA512

16a6354cf460e747c11e38f0b0526c77244bf30a60f9a9a5e21cbd25d8599ea284d54b83bd7127f053f78c97e210d15ed6dd3d8490aaf6714e78051dd88a6ed9
SSDEEP

3072:Z612XVqqVIAlGrInCOx7EVgeLCStSrsfp4ZdWh9NRI+JcMb8tyvl9RXECagIQCs7:I1MTxNiLCSSrc4ZdWh9tqit9WgFTDN1h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7878efac610d50f41132ab896a9a4088_JaffaCakes118

Files

7878efac610d50f41132ab896a9a4088_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a95855ce0893f0d72d730cace5699b35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextColor
GetBkColor
GetMapMode
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetProcessHeap
FindFirstVolumeA
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess

oleaut32

LHashValOfNameSys
DispGetIDsOfNames
VarUI4FromDec
SysFreeString

Sections

.text
Size: 85KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ