Static task: static1
Behavioral task: behavioral1
Sample: a39bc228af1b75ad00eca53864f78ff0_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a39bc228af1b75ad00eca53864f78ff0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a39bc228af1b75ad00eca53864f78ff0_JaffaCakes118
Size: 186KB
MD5: a39bc228af1b75ad00eca53864f78ff0
SHA1: d5e95956af387be7a1f82418d31b16e5515d76b2
SHA256: 6a419c825c23dba280afacfebdf72b1de8391429a08e0b16ffab1b1e5f816bae
SHA512: 4f754fea092cc1906758e8f4865ec584360b8de8837a19fe323846153b7fc41c3dce7bb5537c0909cdd9aef28c672037045e6766cabd54f29a3f6bc9dc7640ed
SSDEEP: 3072:YFzihk/ZujvhAUUnvdJaSJ6zC1kWud9ExxgFKWnVUnCEcZr1mO:YFGGgVUlJDozx1zEngnVyCE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a39bc228af1b75ad00eca53864f78ff0_JaffaCakes118
Files
a39bc228af1b75ad00eca53864f78ff0_JaffaCakes118.exe windows:4 windows x86 arch:x86
4e97052d3dcb1042189925465c8e061b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetUserDefaultLCID
lstrlenA
WriteFile
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
GlobalAlloc
VirtualAllocEx
FreeLibrary
GetOEMCP
ExitProcess
lstrcatA
VirtualAlloc
GetCurrentThreadId
GetModuleFileNameA
GetLastError
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32
CreateBrushIndirect
CreatePenIndirect
BitBlt
CreatePalette
GetCurrentPositionEx
GetPixel
GetObjectA
CreateFontIndirectA
shell32
SHFileOperationA
SHGetDesktopFolder
Shell_NotifyIconA
SHGetDiskFreeSpaceA
comctl32
ImageList_Destroy
Sections
CODE Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 141KB - Virtual size: 197KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ