296afd448ba8969f443ac06fac8f1199_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

296afd448ba8969f443ac06fac8f1199_JaffaCakes118
Size

153KB
MD5

296afd448ba8969f443ac06fac8f1199
SHA1

5630b0333e04b47f433185f9e18bc7fd1b5cd07b
SHA256

6cb5962892a0237d880a0f98a5933a87d9f8e92012118231584b8b8d79b662ad
SHA512

f2284c01cd5bc170ee0c3881c6d45ab64433cc641771ec3c962105937b95f226e13019f5c0cde4842cb662656b129fe485c89c855b8b1b5abd2b4bac7e5ac91c
SSDEEP

3072:1i5UCF0RCXJIZ6zD5QDTq97Cfnt037jJ6GmlnvTrl/Hh98Nl27POO5:AuRCi6zD5QqhC63jmJvTp8Nlkj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296afd448ba8969f443ac06fac8f1199_JaffaCakes118

Files

296afd448ba8969f443ac06fac8f1199_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1965efab79d760ba1628cbd42e7c8506

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

ShellExecuteW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

shlwapi

PathCombineW
PathRemoveFileSpecW
SHGetValueW
PathAppendW
PathFileExistsW

kernel32

RegisterConsoleVDM
GetFullPathNameW
GetProcessHandleCount
MoveFileW
EnumResourceNamesA
FreeEnvironmentStringsW
GetShortPathNameW
CompareFileTime
SearchPathW
SetFileTime

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

LoadIconW
SetWindowTextW
IsDlgButtonChecked
ReleaseDC
DestroyWindow
GetFocus
GetDlgCtrlID
CreateCursor
IsWindow
GetDC
PostMessageW
IsWindowEnabled
SetWindowLongW
PostQuitMessage
MsgWaitForMultipleObjects

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

comctl32

PropertySheetW

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idive
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ