dfbf37e5595267575fe12b0be368a49d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfbf37e5595267575fe12b0be368a49d_JaffaCakes118
Size

55KB
MD5

dfbf37e5595267575fe12b0be368a49d
SHA1

2cca83964fe36c4589030d50eba14c4583476e35
SHA256

055ed576a819f83d8275ee42a25e286affa6c22ce33d7236466d1123b2f81ead
SHA512

86c7f75728cbf6bfde165800f52da30fee277a34fcde37402e0612d16a70530d6c8a19ebc002451c637bf3fec9da1e970b079eac232660ba731f32ec22412035
SSDEEP

1536:lLMdtmycvi+DoqqKj4X4ZuHaAlQe5nLOH:y6ycviNfef2QI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfbf37e5595267575fe12b0be368a49d_JaffaCakes118

Files

dfbf37e5595267575fe12b0be368a49d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

df997cf8ab37adf60957e20028b20787

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpLogicalW
StrCmpNIW
ord156
PathStripToRootW

kernel32

lstrlenW
GetSystemWindowsDirectoryW
lstrlenA

Exports

Exports

?FindByContext@252KPAUHINSTANCE__@@U_SYSTEM_INFO@@`M
?FindSymbol@252KPAUHINSTANCE__@@U_SYSTEM_INFO@@`M
?SpellCheck@252KPAUHINSTANCE__@@U_SYSTEM_INFO@@`M

Sections

.TEXT
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bcode
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ