8e35de6592d8c976007dd5cd97954399_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e35de6592d8c976007dd5cd97954399_JaffaCakes118
Size

126KB
MD5

8e35de6592d8c976007dd5cd97954399
SHA1

bb9543108af20d74bfe164f93366a002a4e5fa85
SHA256

8e63e9ab0d7bb668736e7c90d565d1a6167346eddc730f04136c1416a78101e0
SHA512

202db3af6efb132cbb0d1f33e26d3a9652396cbd2e47581475216450e39d3ebf51e4a27f6387bc82bc57f1ab5608a5d7670d5d7e0f255aee98682a2fb81c8d49
SSDEEP

3072:eNrYMAmDj7DwTBp43uXoMw2qXiYvoJypEP:eNznfcT97qyYB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e35de6592d8c976007dd5cd97954399_JaffaCakes118

Files

8e35de6592d8c976007dd5cd97954399_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9066968a7986437c0a48c0ade154eb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA
PathStripPathW

kernel32

GetModuleHandleA
LoadLibraryExA
lstrcmpA

Exports

Exports

?ExpandEnvironmentSampleStringsA@567GPAUHINSTANCE__@@U_COMMPROP@@?F
?ExpandEnvironmentSampleStringsW@567GPAUHINSTANCE__@@U_COMMPROP@@?F
?ZeroAccesA@567GPAUHINSTANCE__@@U_COMMPROP@@?F
?ZeroAccesW@567GPAUHINSTANCE__@@U_COMMPROP@@?F

Sections

.bss
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ