aa346baff3260f169ead7b4fd9097482_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa346baff3260f169ead7b4fd9097482_JaffaCakes118
Size

276KB
MD5

aa346baff3260f169ead7b4fd9097482
SHA1

10d58601872bc71798d3a832f24a9f8424d3a72c
SHA256

8609a7b7b81773c22a1b39093b5ae70a090465886accea55d91589e838b8dc76
SHA512

baa2c35a2104b28b3df9a9555258ad0b4f91c2b75f021d1d6599fe86c329d8586998ba784005a838def0b70ab139796eb3a443176ce90915e9f06ce1bc9f4b65
SSDEEP

6144:Vb6FuFJBwr5bnwQsUEzCENjzGKbub3YPRQEJ/YNQy+FYOqf+uyohlX3:9aACENjzhubQad+FYOqC6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa346baff3260f169ead7b4fd9097482_JaffaCakes118

Files

aa346baff3260f169ead7b4fd9097482_JaffaCakes118
.exe windows:4 windows x86 arch:x86

04b201d9c1ddd77b15aef131b36ab876

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetAtomNameA
FreeLibrary
LoadLibraryA
GetPrivateProfileIntW
FindNextChangeNotification
GetCurrentDirectoryW
LoadLibraryW
GlobalLock
DeleteCriticalSection
GetProcAddress
GlobalAlloc
FindCloseChangeNotification
FindFirstChangeNotificationW
LockResource
FindClose
GetPrivateProfileStringW
FindResourceW
GlobalSize
LoadResource
WritePrivateProfileStringW
WaitForSingleObject
EnumResourceTypesW
GetVersionExW
FindFirstFileW
lstrlenW
IsBadCodePtr
GetVersionExA
MultiByteToWideChar
GetModuleFileNameW
MulDiv
GlobalUnlock
Sleep
GetModuleHandleW
InitializeCriticalSection
GetTickCount
CloseHandle
GetLocaleInfoW

shell32

SHGetImageList
ShellExecuteExA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetFolderPathW
SHBrowseForFolderA
SHFileOperationW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconA

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ