Static task: static1
Behavioral task: behavioral1
Sample: 9fc6183ebe81f76b00e981ab94c17111_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 9fc6183ebe81f76b00e981ab94c17111_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 9fc6183ebe81f76b00e981ab94c17111_JaffaCakes118
Size: 181KB
MD5: 9fc6183ebe81f76b00e981ab94c17111
SHA1: db7baa504438dd09beea74200670b58b43b8bfd4
SHA256: eb67c19cd2c55cb58404cfba915ef606e961a98d66cf53d4fe0b7d8b8cc94d52
SHA512: 11007c03f0d4fb0a9b23fac1bb51dc8f3b6e1100f66a602ca4874010799bc5cb1e29a5f4b4d4d10d5a2d181a722777f03cfede96c835d32af7b7cbecc458fc28
SSDEEP: 3072:fZImNTQOruLcqo+5SXhYESposrfPuDtpQ5iUcXk2e4JQsYmAXJWG4j:flVlqoyoSXu8uXkB1eAXMj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9fc6183ebe81f76b00e981ab94c17111_JaffaCakes118
Files
9fc6183ebe81f76b00e981ab94c17111_JaffaCakes118.exe windows:4 windows x86 arch:x86
6ba0d1a009cf74157d7aaa4805f83410
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetShortPathNameW
lstrlenW
GetCurrentThreadId
UnhandledExceptionFilter
GetThreadLocale
GetProcessTimes
SetUnhandledExceptionFilter
LoadLibraryA
IsBadReadPtr
GetLastError
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
IsDebuggerPresent
IsBadWritePtr
GetModuleHandleA
EnumResourceTypesA
GetProcAddress
ExitProcess
LocalFree
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
CreateFileA
CloseHandle
WideCharToMultiByte
GetVersionExA
ole32
StgCreateDocfile
StgOpenStorage
user32
wsprintfA
wsprintfW
msvfw32
ICSendMessage
ICOpen
ICClose
ICDecompress
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1024B - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ