b17dd9f7c19abd35e1965765c46b49cf_JaffaCakes118 | Triage

Sharing

General

Target

b17dd9f7c19abd35e1965765c46b49cf_JaffaCakes118
Size

524KB
MD5

b17dd9f7c19abd35e1965765c46b49cf
SHA1

79aba941c55eae3a862aa9eb0ba77679c48e5723
SHA256

abdb1614c69b16a4fbc2e1c8fd27e12f94856cbad5dafe2751cfed751797fa07
SHA512

6c5794edb73827e9ae3c7bba572c209c6430a2e075571f415077ad8cf12098f6ae08454a6b7a477fe11a6320fb7df6116205c994c7b3f923e0ddecd7d9724179
SSDEEP

3072:dSK/q9+96x/12G3KNg+hyVXyipXUVhJWlz/kFn8zziX6KB7nvBTTR4KlvIZ+VYjq:zI+Mx/IGaNgHvfzizrvjxydYzh/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b17dd9f7c19abd35e1965765c46b49cf_JaffaCakes118

Files

b17dd9f7c19abd35e1965765c46b49cf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

28a4cca47d662ac9505b0bca7e663c7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LoadLibraryA
LocalAlloc
GetThreadLocale
VirtualAllocEx
GetOEMCP
LoadResource
HeapFree
ExitProcess

version

GetFileVersionInfoSizeA
VerInstallFileA
VerFindFileA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetFolderPathA
SHFileOperationA
SHGetDiskFreeSpaceA

user32

DrawTextA
EnableWindow
EmptyClipboard
EnableScrollBar
IsCharLowerA
GetMenu
GetSysColorBrush
EnableMenuItem

Exports

Exports

e3m6reLy@8
MVhgtW3SX8sLF
_cSH2hxz0FK3I_P@16
02Rpl_nxG
_SzDXynnriKK@8
vZLEh8Vnw3CgXG
Aevpxt9@12

Sections

CODE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 817B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ