d2011999bf01f1f91bd43359a368edd2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2011999bf01f1f91bd43359a368edd2_JaffaCakes118
Size

363KB
MD5

d2011999bf01f1f91bd43359a368edd2
SHA1

c1874e615d5744c3d9a4be1aec71a5ae1618e5cb
SHA256

6fca1952cde3cc7327489b01abc4b0085d66b3b1c4316b9b0f17e6e23a5bd90f
SHA512

a1ec4cdb7182fe916707451a46e84f3b235dbac517cdc0171d32401761d82cb944a4acfd08332a5b269bb73af2eb50805074c10c662b776ca97f079351f1ff23
SSDEEP

6144:XiJwnMGOr8fe0AJgjchjTnDqNkCYV7zj9nd56t6L8R8NmC:y+n9O8e0Fcx/bV7Pn5k+XNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2011999bf01f1f91bd43359a368edd2_JaffaCakes118

Files

d2011999bf01f1f91bd43359a368edd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6dae6823efc721eec4ab77acbcad2e6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
EnumResourceTypesA
GetTickCount
GetDiskFreeSpaceExW
GetDriveTypeA
GetCommandLineA
ReleaseMutex
FreeConsole
CreateMutexA
TlsGetValue
VirtualProtect
SetLastError
FindClose
Sleep
GetLastError
CloseHandle
GetComputerNameA
GetModuleHandleA
DeleteCriticalSection
GetExitCodeProcess

shell32

StrChrA
SHGetMalloc
DragFinish
SHGetSettings
SHGetDiskFreeSpaceA
DragQueryFileA
DllUnregisterServer
ShellAboutA
ShellMessageBoxA
SHFree
DragAcceptFiles
ExtractIconA
DuplicateIcon

printui

PnPInterface
bPrinterSetup
vQueueCreate
bFolderGetPrinter
vPrinterPropPages

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ