fd8e8deff94296c882beaabe51a3c7a3_JaffaCakes118 | Triage

Sharing

General

Target

fd8e8deff94296c882beaabe51a3c7a3_JaffaCakes118
Size

165KB
MD5

fd8e8deff94296c882beaabe51a3c7a3
SHA1

aebacb50a2df7891e06b03218ebcc6aa9240537a
SHA256

6d2f52791863b5a3373f8831829cafc632711bf91c682519fa65b264b2b5f928
SHA512

9bc05b15c5aaafae2bdf27e1e917a9273cf9e5bf7b8dd164827de0446438f792e68c2794ce04fb5b9b4b7c0ff3352bc48b8c41f67c0aab5f5234212ca35518b4
SSDEEP

3072:u1tkv4qS0ZBQ/SlNEZhWd1SZ/XodGsm79eGK+nZ05UnltOQhkIDXg/xLFZPUELJD:uc4qTZBQ/SAYSfkGsmsGfnZ0qnlgQaI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd8e8deff94296c882beaabe51a3c7a3_JaffaCakes118

Files

fd8e8deff94296c882beaabe51a3c7a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12e432fc66ec00e0ae203115c91f0b3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
FindFirstFileW
GlobalGetAtomNameA
FindClose
Sleep
GlobalSize
lstrlenW
MultiByteToWideChar
DeleteCriticalSection
GetVersionExW
GetTickCount
FreeLibrary
GetModuleHandleW
InitializeCriticalSection
LoadLibraryA
GetPrivateProfileIntW
EnumResourceTypesA
LoadLibraryW
WritePrivateProfileStringW
LoadResource
GetDllDirectoryW
GetVersionExA
LockResource
MulDiv
GetProcAddress
GetPrivateProfileStringW
GetLocaleInfoW

shell32

DllGetVersion
SHGetPathFromIDListA
CommandLineToArgvW
ShellExecuteW
SHGetFileInfoA
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW
SHBrowseForFolderA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ