Static task: static1
Behavioral task: behavioral1
Sample: de15811312aa16266f81d85e9d3f5749_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: de15811312aa16266f81d85e9d3f5749_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: de15811312aa16266f81d85e9d3f5749_JaffaCakes118
Size: 287KB
MD5: de15811312aa16266f81d85e9d3f5749
SHA1: 5233c9193fa6c059fe10a41e5d066ff4361fe70b
SHA256: a4b43db80753b0dde3fe246908e7134907a7b04f0aa17b447f4991855e634beb
SHA512: 3bda60703d66328a788be9e49e09c78ce561a1b34ec0a42ea6560b1008c696990e9d5febd99609cc88fa4e1125cc51681a64f8f4df8c9bf10255233083b91c0f
SSDEEP: 6144:mB9xBR18BSOGG+Bk8jbMRkFBE4pOd0Bkfcqw9tpx4MLQrXALw:gUSjJk8fMRoE4pOdmkfcr97xd/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource de15811312aa16266f81d85e9d3f5749_JaffaCakes118
Files
de15811312aa16266f81d85e9d3f5749_JaffaCakes118.exe windows:4 windows x86 arch:x86
35da89c3ce017310de210c567a2e669a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalGetAtomNameW
RtlUnwind
SetFilePointer
SetStdHandle
TlsAlloc
WriteConsoleA
GetTimeFormatA
IsValidCodePage
GetLocaleInfoA
GetACP
TlsSetValue
EnumResourceTypesW
MultiByteToWideChar
GetOEMCP
HeapReAlloc
TlsGetValue
SetUserGeoID
GetDateFormatA
HeapSize
GetCPInfo
GetConsoleOutputCP
VirtualAlloc
RaiseException
rpcrt4
RpcStringFreeA
user32
DispatchMessageW
MessageBoxA
CharNextA
LoadStringA
GetDesktopWindow
DispatchMessageA
PeekMessageA
wsprintfA
shell32
SHGetUnreadMailCountW
SHGetPathFromIDListA
ShellExecuteExA
SHGetFileInfoA
SHBrowseForFolderA
DragAcceptFiles
Shell_NotifyIconA
Sections
.text Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 133KB - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ