17b30ab6dcd99b260cb8eb3217f64bb5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17b30ab6dcd99b260cb8eb3217f64bb5_JaffaCakes118
Size

188KB
MD5

17b30ab6dcd99b260cb8eb3217f64bb5
SHA1

4e49d1d926177a8b963548807122a50aced97fda
SHA256

e77a242fb23da214ca9c4d8e15ba5fe4018c5165ac8893459dc6c045ca77dad0
SHA512

cd0e7b7a2b723644dd5c66faeb476e1ea79ee793936eed43823b77c2cc5aed156d3c74fb3979b17e0d3dcd88f67b045d4e00386eac78f03ec5c804916a52291a
SSDEEP

3072:3O7gSkqBtbcbtc7c9E6uCXzM/aTqL+xDvOpO8ZykgMgobcBkvvSpZ:3O8SpncbtcwzuKzM/aWsDvwO8ZlgM0C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17b30ab6dcd99b260cb8eb3217f64bb5_JaffaCakes118

Files

17b30ab6dcd99b260cb8eb3217f64bb5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bdf00e902fcf6b3ed93672f7d066cff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA

kernel32

IsBadReadPtr
DeleteFileA
EnumCalendarInfoA
ExitProcess
GetProcAddress
VirtualAllocEx
LoadLibraryA
LockResource
GetFileSize
GetCommandLineA
GetCommandLineW
ExitThread
GetVersion
lstrlenW
GetModuleFileNameA
GetLocalTime
GetLastError
GetModuleHandleA

shlwapi

SHDeleteValueA
SHGetValueA
SHEnumValueA
PathGetCharTypeA
SHStrDupA
PathFileExistsA
SHSetValueA
PathIsDirectoryA

msvcrt

clock
wcscspn
swprintf
acos
cos

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

comctl32

ImageList_Draw

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 629B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ