c2666387c114f72636725324c86b98fe_JaffaCakes118 | Triage

Sharing

General

Target

c2666387c114f72636725324c86b98fe_JaffaCakes118
Size

152KB
MD5

c2666387c114f72636725324c86b98fe
SHA1

0e9aed8ffdc719ed5c9607293270c63a78e5e79f
SHA256

12b7b9d6b3d91ab8f11951d1d8550afb24959b766a530b1ba0752536a7664c70
SHA512

b39a883522dca4e2880b0b6fef9c3199fe33e07c2dba4a79ef2274fb0e52c2579f3fe5745da3ff9b631a70070b38d364873fcb1dd434c036e20e7ec11f3c3523
SSDEEP

3072:czqSkJ/d+Kdjdd3l8YaWJN6pvg1GJjDjE3aZZ8lhjPGiuox:cC/dvjJZJ6pXXjyECjPGbo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2666387c114f72636725324c86b98fe_JaffaCakes118

Files

c2666387c114f72636725324c86b98fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c368cfc40ca90f6705622498520b7ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
GetProcessHeap
WriteFile
VirtualAlloc
GetModuleHandleA
CloseHandle
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
TerminateProcess
InterlockedIncrement
HeapAlloc
SetErrorMode
lstrlenA
SetFilePointer
CreateFileA

user32

LoadBitmapA
wsprintfA
GetKeyboardType
MessageBoxExA

shell32

SHGetFolderPathA
ord98

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Copy
ImageList_Create
ImageList_DragEnter

shlwapi

PathAppendA

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1017KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ