f5a04203d240199fbed47a692e341931_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5a04203d240199fbed47a692e341931_JaffaCakes118
Size

139KB
MD5

f5a04203d240199fbed47a692e341931
SHA1

6cd6a821672397ba07cf36cae19786c26ddda56a
SHA256

336ec9f6d8f3df0f4570f83629a5704347b8c50c59e87764d801c4f0ec773673
SHA512

e146d70bd0f730cd3d0f75e43308886533eb8b3ca055bc552c8f7e9bfe6db33c15298f6c2d837ab96ebb1eb017ed12aae19feb336c0a640bf09db1d11c4fae15
SSDEEP

3072:DUi0F9YpjfKe+GsV22OZDc7SaDCilC8qAGGbTF/PtP1Z3eyLZ:D2XuK/GsV3OZsSaDCilC8qAGGbTF/Pt5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5a04203d240199fbed47a692e341931_JaffaCakes118

Files

f5a04203d240199fbed47a692e341931_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1e3930ed31672579db863bace691ecd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
CreateFileMappingA
DeleteCriticalSection
GetFileSize
GetVersion
InitializeCriticalSection
InterlockedIncrement
LCMapStringA
LCMapStringW
ReleaseMutex
SetCurrentDirectoryA
WritePrivateProfileStringA

user32

GetDC
GetSubMenu
LoadStringA
wsprintfA

gdi32

DeleteDC
LineTo
SetROP2

shell32

DragQueryPoint
ExtractIconW
SHGetFileInfoA
SHGetFolderLocation
SHGetMalloc
ShellExecuteExA

comctl32

ImageList_ReplaceIcon
ImageList_SetOverlayImage

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ