c17d9108b5dbd7e61ce660ef013d032c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c17d9108b5dbd7e61ce660ef013d032c_JaffaCakes118
Size

123KB
MD5

c17d9108b5dbd7e61ce660ef013d032c
SHA1

8a9783a15d51898fac2549ea9c149cb01ff5f79e
SHA256

92f56db278e442b758efec96e495fa864e6c1cac14a0edeefa85c28a0315c76e
SHA512

a010a7879b321761606b609af5b0a1a0a70450e16eb7b404e6172db9fc3f363c564b3058b238eb51b5d92d9577fe1f596bb6cc1641f9b5d1119b36542f690c65
SSDEEP

1536:lYnN4So1L2p7LtStBRc0NO6N/8KRNkPdJoBJROLOOnfp8eOV3PStbfaOK7dKmeqc:Se1E4B9F3BC5h8eaPebSLWQsv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c17d9108b5dbd7e61ce660ef013d032c_JaffaCakes118

Files

c17d9108b5dbd7e61ce660ef013d032c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c9fef40b8051b9d56d031ce823e5a2f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

kernel32

GetVersionExA
MultiByteToWideChar
SizeofResource
lstrlenW
InterlockedExchange
SetLastError
GetStartupInfoA
GetCurrentProcessId
CreateIoCompletionPort
FindResourceExA
lstrlenA
EnterCriticalSection
GetTickCount
LoadResource
WideCharToMultiByte
EnumResourceNamesW
GetEnvironmentVariableA
GetCurrentThreadId
Sleep
LockResource
GetModuleFileNameA
LocalAlloc
FindResourceA
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime
InterlockedCompareExchange
QueryPerformanceCounter
GetLastError
LeaveCriticalSection
lstrcmpiA
CreateProcessA
RaiseException
TerminateProcess
GetCurrentProcess

clusapi

CloseCluster

user32

GetSystemMetrics
UnregisterClassA
MessageBoxW
LoadIconA
DestroyWindow
LoadImageA
CharNextA
LoadStringW
CharNextW

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ