835850d7a2c781134aa04a32b8935f98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

835850d7a2c781134aa04a32b8935f98_JaffaCakes118
Size

183KB
MD5

835850d7a2c781134aa04a32b8935f98
SHA1

221c8c5f05d346b3102312547d593c5ccefc852c
SHA256

7ffa80e8653aa7fd7266781ed4720e56487992fe8428d265a46111dad44c2c09
SHA512

09b6873e23c603ec87ccd1c707c3d436875f0049fae2f5a3cbd3593db7cc54977905f5c9acf30d06abac9d9f87268831bc9441ffb3cbcfa660bcee08ff98f66e
SSDEEP

3072:uJoKtyObbxqXFFqHSonzQNke9dpYGxgQbA4O9DRnVSJprvk2Naa2K/dOVfbdop/N:UFtyOf85o8hSGeQb69FArvQK/dEbdopF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
835850d7a2c781134aa04a32b8935f98_JaffaCakes118

Files

835850d7a2c781134aa04a32b8935f98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f17b4cca94b83bdc173f24476059f52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReplaceFile
Module32FirstW
CreateDirectoryExW
SetThreadAffinityMask
GetLocaleInfoA
EndUpdateResourceW
lstrcpyA
WriteFile

user32

IMPQueryIMEA
DestroyAcceleratorTable
DialogBoxIndirectParamW
EnumDesktopsA
WaitMessage

shell32

RealShellExecuteA
ShellAboutW
SHEmptyRecycleBinW
SHGetPathFromIDListW
PrintersGetCommand_RunDLL
DragQueryFile
DoEnvironmentSubstA
SHGetMalloc
SHGetMalloc

gdi32

GdiEntry4
GetClipRgn
GdiConvertBrush
CLIPOBJ_bEnum
DeleteColorSpace

Sections

.text
Size: 9KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ