c16f2dc3d581802a5636338859469f09_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c16f2dc3d581802a5636338859469f09_JaffaCakes118
Size

181KB
MD5

c16f2dc3d581802a5636338859469f09
SHA1

be818dbbc03be643894b28b9a711f4a61c7d1ef5
SHA256

f85d9c8a1abcbfd73699cfacc0d995704c6c6466bd9263c0661bbc41e998e2b0
SHA512

516e137c782385f24ebc9471089f6767e173f7fe88e4e6704649a605a9708c9b6e943a8a03b0f64333f61a7cf51d6c0d34164a887d19812e9b95c06266cb7d5b
SSDEEP

3072:UiZz6KnPKZmduJJX2RhH4qYCKvKzGqS4U051r4nRrytcF9RU/AsAoxM9ni:Uil6UPM/GR14qbtGqzr4nlQcFPU/A8M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c16f2dc3d581802a5636338859469f09_JaffaCakes118

Files

c16f2dc3d581802a5636338859469f09_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aca133c2d9288e95990a4aaaee66c1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
SetStdHandle
HeapSize
GlobalGetAtomNameA
GetOEMCP
GetCPInfo
GetConsoleOutputCP
WriteFile
GetDateFormatA
GetCurrentProcess
VirtualAlloc
GetLocaleInfoA
LeaveCriticalSection
IsValidCodePage
IsDebuggerPresent
FreeLibrary
EnumResourceNamesW
SetFilePointer
HeapReAlloc
GetCurrentProcessId
MultiByteToWideChar
GetStringTypeA
LoadLibraryA
GetSystemTimeAsFileTime
RtlUnwind
SetUnhandledExceptionFilter
InitializeCriticalSection
TerminateProcess
WriteConsoleA
EnterCriticalSection
GetTimeFormatA
GetACP
RaiseException

shlwapi

SHCreateStreamOnFileW
SHCreateStreamOnFileEx
PathIsContentTypeA
PathAppendA
PathIsFileSpecA
PathCreateFromUrlW

rpcrt4

RpcStringFreeA

Sections

.text
Size: 92KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ