e23573a435ea3b314612e84c1b403958_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e23573a435ea3b314612e84c1b403958_JaffaCakes118
Size

165KB
MD5

e23573a435ea3b314612e84c1b403958
SHA1

7c1c62e223ace830eaf564ac7fcdb2e830f379a0
SHA256

21fcabad5523df5c887da3a71ab68c64f9f92061d7537e3394f5664262b1b94b
SHA512

4e5ce5c4c4b4296793b0a82e11c71735a89da296b67d7a24b262eed50279ba55f9bcda3f62c8a57ee4f1913a084056b8636623282878d601271bccf972ffe2e4
SSDEEP

3072:Doq78OBuIeJFcPYNsJmypSTamWU3nO0HHn1qb86ctdf1arhueu2RXzTo:/7NETpgSWmWU3B1qb8rdWueu2VP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e23573a435ea3b314612e84c1b403958_JaffaCakes118

Files

e23573a435ea3b314612e84c1b403958_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b817dee5279d530056a38165873281f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentProcessId
GlobalGetAtomNameA
SetErrorMode
TerminateProcess
GetProfileStringA
GetPrivateProfileStringA
LocalAlloc
FindResourceA
GetModuleFileNameA
IsDBCSLeadByte
CreateDirectoryA
FormatMessageA
EnumResourceTypesA
SizeofResource
GetProcessTimes
lstrcatA
WriteProfileStringA
GetPrivateProfileSectionA
lstrcpyA
GetFileAttributesA
GetPrivateProfileIntA
LoadResource
IsSystemResumeAutomatic
CreateFileA
LoadLibraryExA
SetUnhandledExceptionFilter
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetCommandLineA
lstrcpynA

version

GetFileVersionInfoA

shell32

SHIsFileAvailableOffline
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
DragAcceptFiles
Shell_NotifyIconA

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ