033ac5a013ba2b18886e36a969e55789_JaffaCakes118 | Triage

Sharing

General

Target

033ac5a013ba2b18886e36a969e55789_JaffaCakes118
Size

60KB
MD5

033ac5a013ba2b18886e36a969e55789
SHA1

90a99bd799dcae42db63c639c066b4a5d6dcc5ac
SHA256

c5a5a9ca8cf08f22d96c70a6ff4c9caf35758bfd8eac213f407fb52af336cf3b
SHA512

e30a5528c36d70f6f6bdbbcd66c6b191ad0bc05efd6ab14e3e3d36098392c111eae0548356a94a9791b0b56ba816fe7a326e4b75a09ba807c86fffa8c8f91447
SSDEEP

1536:SY6ohxR6xhR+ccccccArCJ7eGX+lRbgte:iqaxh5oXSJ0e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
033ac5a013ba2b18886e36a969e55789_JaffaCakes118

Files

033ac5a013ba2b18886e36a969e55789_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82b704c6b1e3fadf81b00c48392c6da5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetModuleHandleA
ExitProcess
AddAtomA
Sleep
ReleaseMutex
SetEvent
FindResourceExA
FindVolumeClose
VirtualProtect
CloseHandle
GetConsoleFontSize
TlsGetValue
GetLastError
GetTickCount
HeapDestroy
lstrlenA
GetDiskFreeSpaceA
DeleteCriticalSection
SearchPathA

user32

GetMessageA
CopyIcon
GetKeyState
CloseWindow
EnableWindow
DragDetect
DialogBoxParamA
GetScrollBarInfo
EndDialog
CopyImage
DispatchMessageA
CreateMenu
CreateWindowExA
IsIconic

wshbth

NSPStartup
WSHJoinLeaf
WSHNotify
WSHOpenSocket2
WSHIoctl

shell32

FreeIconList

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE