Sample
c86f241cb990115ad71bcf314f894c39_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target
c86f241cb990115ad71bcf314f894c39_JaffaCakes118
Size
9.9MB
MD5
c86f241cb990115ad71bcf314f894c39
SHA1
ddbf16e3d9ccb155901ad0cdcfd5f13c534b782a
SHA256
2100dcdbfa6fa033bb725e5f352433d159854743a0816a9c2fba579bb9b54c9c
SHA512
3399169f3ef306ff156c71ef46bbf90e370b315072eab44711061ab0fc817fad65e99b38e230b2b7919e0bf32bede1e33cb435feb27ab36a01788b5058ec40f7
SSDEEP
196608:SgsBkyS1kHHD9BTsR/FKqaq/Rd+G7Iu9rt5J4SHgY4sZ/ABLGR:TD1knzTsB4qH/X7LzJ4SAguY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource c86f241cb990115ad71bcf314f894c39_JaffaCakes118
Files
c86f241cb990115ad71bcf314f894c39_JaffaCakes118.exe windows:4 windows x86 arch:x86
982cb4a2eca601d00ded9ac1277bbc30
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetKeyboardLayout
shell32
SHGetSpecialFolderPathA
ShellExecuteA
shlwapi
StrStrA
StrChrIA
kernel32
GetModuleHandleA
lstrcpyA
lstrcatA
WriteFile
Sleep
SizeofResource
RtlZeroMemory
LockResource
CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindResourceA
GetCurrentDirectoryA
LoadResource
GetTickCount
GetVersion
lstrlenA
urlmon
IsValidURL
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 778B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9.9MB - Virtual size: 9.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE