b438c19137aeb09e5da4f8205c4a6f80_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b438c19137aeb09e5da4f8205c4a6f80_JaffaCakes118
Size

158KB
MD5

b438c19137aeb09e5da4f8205c4a6f80
SHA1

208b80bb07ae9ad56e79652c4532868bfcf73e49
SHA256

419add510660de03272915b29edb2e695c8ab26d8aad587f315507d867a6d5a2
SHA512

b9442833c9d1f3cde3c7401e167ca4a8598f6d25e477267b45d7fe4db426f4a989c3caf071e73296cedcf15edd038390f4e675a6131587e06677959b92812240
SSDEEP

3072:nyh7imyu3rRq6d3qIFZnUXjbmNlavtsbukgevOp8y:pmyMRblZ+xtMuk9F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b438c19137aeb09e5da4f8205c4a6f80_JaffaCakes118

Files

b438c19137aeb09e5da4f8205c4a6f80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ece1b9202d9efe3b74fc95c75086d72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextColor
GetBkColor
GetMapMode
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetTempPathW
GetSystemTimeAsFileTime
GetProcessHeap
FindFirstVolumeW
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess

oleaut32

VariantInit
DispGetIDsOfNames
VarUI4FromDec
SysFreeString

Sections

.text
Size: 96KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ