fa26c062c472b0e32695502df462df13_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa26c062c472b0e32695502df462df13_JaffaCakes118
Size

165KB
MD5

fa26c062c472b0e32695502df462df13
SHA1

e4224f78b8e9057b9fde8db139d598c91e118f05
SHA256

9cc05b8e88e776f14bc8c8b3c0f6d8cfb0738f11fa209296f7277ccceb14f404
SHA512

e26346b53f11d192fc2b002567d1c1e6878bea833d52a449fb708a9f951db7122ca4fa0dfade3bf4664ef1bb6c57f0d2afbcf114c6ed80900f832dc00e020098
SSDEEP

3072:vHI9Cb7zKLMLmWwQHIkNWChQ3ovs18POaUPSuGBZarv:Qob7mwLNBg4Q3KsjaUquQkrv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa26c062c472b0e32695502df462df13_JaffaCakes118

Files

fa26c062c472b0e32695502df462df13_JaffaCakes118
.exe windows:4 windows x86 arch:x86

961b3ca355db4c7cac576080e1eb0d46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GlobalGetAtomNameA
GetModuleFileNameW
LockResource
GlobalSize
FindFirstFileW
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetModuleHandleW
MulDiv
GetProcAddress
FreeLibrary
EnumResourceTypesA
MultiByteToWideChar
FindClose
Sleep
GetDllDirectoryW
LoadLibraryA
GetTickCount
WritePrivateProfileStringW
GetVersionExW
GetPrivateProfileStringW
LoadResource
GetPrivateProfileIntW
lstrlenW
GetLocaleInfoW

shell32

DllGetVersion
ShellExecuteW
SHGetFolderPathW
SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
CommandLineToArgvW
SHGetPathFromIDListA
ShellExecuteExW
SHFileOperationW
Shell_NotifyIconA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ