be13d3a13aecae12c335703a548f56f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be13d3a13aecae12c335703a548f56f2_JaffaCakes118
Size

180KB
MD5

be13d3a13aecae12c335703a548f56f2
SHA1

02b7484fec5646af9e5a22f24449ba9f0d9663ad
SHA256

c3118271d35a956f61cea20f71d70b3305d0ed0347ae10db5dd2023b2c335be4
SHA512

059892ad6f10b4b189987610b0cfad87bab25f7cfa7bce230feda529e543d2f98abf1416bc64d02d89f69b639350d78f5de8ea70805de7a0c1ad941a06043d0a
SSDEEP

3072:FqDztifjcS0sagmzaYvCtvd0u7a/VJo6EuzOfXJovuqt5T3l:F9jl0ZgOaYqtvKeAw6DOfJi7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be13d3a13aecae12c335703a548f56f2_JaffaCakes118

Files

be13d3a13aecae12c335703a548f56f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29019d5ab7b9511aba32437a847885b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathSkipRootW
StrDupW
PathIsUNCW
PathGetArgsW
SHRegGetValueW
PathFindFileNameW

kernel32

lstrlenW
GetCurrentProcess
GetCalendarInfoW
GetCurrentDirectoryW
GetFileAttributesW
GetModuleHandleW
LocalAlloc
GetFileInformationByHandle
LocalFree
ExitProcess
OutputDebugStringA
WideCharToMultiByte
lstrcmpiW
VirtualProtect
VirtualQuery
InterlockedExchange
EnumResourceNamesA
FreeLibrary
SetEnvironmentVariableW
GetProcAddress
DuplicateHandle
SetLastError
InitializeCriticalSection
OutputDebugStringW
MultiByteToWideChar
GetModuleHandleA
GetLastError
SearchPathW
GetModuleFileNameW
GetCurrentThreadId
GetProcessId
CreateDirectoryW
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ