279fd365b34354e0265b9f585b7f3178_JaffaCakes118 | Triage

Sharing

General

Target

279fd365b34354e0265b9f585b7f3178_JaffaCakes118
Size

181KB
MD5

279fd365b34354e0265b9f585b7f3178
SHA1

7abbbbd2448dbab0e0a6c49267a96b15c4989178
SHA256

0fb71bd7b35c543867f308d9c78488505a6410bfda8bb42daf26872e24ba3691
SHA512

4d0971d3b6db516f5fd1ae26f7039c8ac0581ddea7bb7ce118c5daa4b6515b98b322f548984738411a61d98483b856fa4c837b602edf2a9e251499c5124dbb41
SSDEEP

3072:5EGHnBjU5Z9ylZTkZ8Yg3dEZaXrb6T9TF2xbsQR/fzaJw:nBA9oZoZRDZaXrQsXhzM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
279fd365b34354e0265b9f585b7f3178_JaffaCakes118

Files

279fd365b34354e0265b9f585b7f3178_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a227b53e5a925eb45c50e9082fdd2112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetMalloc
CoUninitialize
StringFromGUID2
CoInitialize
CoTaskMemAlloc
CoTaskMemFree

kernel32

GetCalendarInfoW
GetCurrentDirectoryW
GetCurrentProcess
LocalAlloc
OutputDebugStringW
GetFileInformationByHandle
FreeLibrary
LocalFree
GetFileAttributesW
GetProcAddress
VirtualQuery
GetModuleFileNameW
GetCurrentThreadId
lstrlenW
DuplicateHandle
EnumResourceNamesA
WideCharToMultiByte
InterlockedExchange
SetEnvironmentVariableW
MultiByteToWideChar
SetLastError
GetProcessId
CreateDirectoryW
InitializeCriticalSection
SearchPathW
lstrcmpiW
ExitProcess
GetModuleHandleW
GetLastError
OutputDebugStringA
VirtualProtect
GetModuleHandleA
Sleep

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ