e0c6247a10e90d78a4bab1fea77d57b5_JaffaCakes118 | Triage

Sharing

General

Target

e0c6247a10e90d78a4bab1fea77d57b5_JaffaCakes118
Size

286KB
MD5

e0c6247a10e90d78a4bab1fea77d57b5
SHA1

34d4e5d8d54c0eda9b444879c98a5f1cac97431f
SHA256

d27671568091892834ec1ee00ed8d520a60110b373bee7647e18504695c9385d
SHA512

aad6dd2b8e20c6104e1c17f317f067dc97b5429e2a00c02f1aa66ac8b9112e4f6842e687887fbac48f153e4748ce26db3fec4f37d51ba737ee79cb1a10e609e1
SSDEEP

6144:W6jV3dXwqqSAOv3xgM1otCaLzVvEiSUd3/zDkR4:J5AKxd17advk0zDkR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c6247a10e90d78a4bab1fea77d57b5_JaffaCakes118

Files

e0c6247a10e90d78a4bab1fea77d57b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

408436306acc9f21a3c70182cdc2d868

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

kernel32

GetCurrentProcess
GlobalFindAtomW
InterlockedCompareExchange
VirtualProtect
QueryPerformanceCounter
GetStartupInfoA
InterlockedExchange
IsDebuggerPresent
GetSystemTimeAsFileTime
GetLocaleInfoW
GetCurrentThreadId
EnumResourceLanguagesA
GetProcessHeap
GetModuleHandleW
GetCurrentProcessId
GetPrivateProfileSectionW
GetTickCount
LocalAlloc
FoldStringW
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
DeleteFileW

oleacc

CreateStdAccessibleObject

shlwapi

GetAcceptLanguagesA
StrCmpIW
PathFindExtensionW
PathCreateFromUrlW
PathAppendW
PathRemoveFileSpecW
UrlCreateFromPathW
PathIsRelativeW
UrlUnescapeW
PathCombineW

Sections

.text
Size: 150KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ