838f36eb9bdfeabfa15571279fdb59d7_JaffaCakes118 | Triage

Sharing

General

Target

838f36eb9bdfeabfa15571279fdb59d7_JaffaCakes118
Size

88KB
MD5

838f36eb9bdfeabfa15571279fdb59d7
SHA1

88a44f6d2cc9c334985e40413fc604d3a5e25da4
SHA256

2e945f653e6f5d6590c9a2478669b0bdf35b9a54b1212e8ee2ee66bb416c0d60
SHA512

43f5c1b60d078b1ae46497ab1ed97fe6a3650baa9ffcb80a4654ee6596fd5a39d83b1cf611018f5831b8f992806574debe0340050f7e2e87235054ddeba792be
SSDEEP

1536:C0yzGCCdVuUB24Ngwy6SogaaQg2Sz+FHf4U5c6wXye:CpGCCuS24NfyogaaQdSz+f4zvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
838f36eb9bdfeabfa15571279fdb59d7_JaffaCakes118

Files

838f36eb9bdfeabfa15571279fdb59d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bba1e92eb7df4efe37f752dd0355da1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
FreeConsole
GetDateFormatA
VirtualProtect
IsBadReadPtr
FindClose
GetCommandLineA
EnumResourceTypesA
CloseHandle
TlsGetValue
ReleaseMutex
GetDiskFreeSpaceExW
Sleep
GetDriveTypeA
DeleteCriticalSection
GetLastError
GetModuleHandleA
SetLastError
GetTickCount
LoadLibraryExA

shell32

DuplicateIcon
SHGetSettings
ShellAboutA
DragFinish
SHFree
ShellMessageBoxA
DllUnregisterServer
SHGetMalloc
DragAcceptFiles
StrChrA
ExtractIconA
DragQueryFileA
SHGetDiskFreeSpaceA

printui

vPrinterPropPages
vQueueCreate
bFolderGetPrinter
bPrinterSetup
PnPInterface

advapi32

RegCloseKey

Sections

.text
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE