bc3b65bef50d18acdab75426e0656db3_JaffaCakes118 | Triage

Sharing

General

Target

bc3b65bef50d18acdab75426e0656db3_JaffaCakes118
Size

166KB
MD5

bc3b65bef50d18acdab75426e0656db3
SHA1

6fca8ec1403555ed5045ac0f0564663cbc4a6df0
SHA256

98a725eba454c0f33a96ccf58cad810f3265c9d6ad5d1f5030e321ac02290825
SHA512

3a939ff8517fc64012660a0d37d75e6ba02c23d53431e7e3cc4ba0fac676b916c8664cb2f15be20fff8123c4a30535fea6704c64b4c9400572c54a0ec5f2f537
SSDEEP

3072:Asdam22aM+rzW+sVhKBq1mckVTwk1UFlc/Mu+AyUXP/ArLzt:AstmkhKQ1jELWlcuAyUX3czt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc3b65bef50d18acdab75426e0656db3_JaffaCakes118

Files

bc3b65bef50d18acdab75426e0656db3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1033bdf42c93bee382fb6c09b5f7f91a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
LocalAlloc
lstrcpyA
GlobalGetAtomNameA
CreateDirectoryA
WriteProfileStringA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
FindResourceA
GetTickCount
GetCurrentProcessId
FormatMessageA
EnumResourceTypesA
GetProcessTimes
GetProfileStringA
TerminateProcess
LoadResource
GetPrivateProfileIntA
SetErrorMode
CreateFileA
IsValidCodePage
IsDBCSLeadByte
LoadLibraryExA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileSectionA
SizeofResource
SetUnhandledExceptionFilter
lstrcatA
lstrcpynA

version

GetFileVersionInfoA

shell32

SHIsFileAvailableOffline
SHBrowseForFolderA
ShellExecuteExA
DragAcceptFiles
SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ