29a6fe33a86bb44746d712bc6dac7103_JaffaCakes118 | Triage

Sharing

General

Target

29a6fe33a86bb44746d712bc6dac7103_JaffaCakes118
Size

197KB
MD5

29a6fe33a86bb44746d712bc6dac7103
SHA1

57ae6d7e8f9c3795a843168e326d9dc0a2147c07
SHA256

d2b7b0a063eb0d343ac36d7f25440d8a1aa1af1905bc78992e864ac22b39f203
SHA512

767afb6d83e7a638d95ed1d619651e47a7c6c52562b59420ff2cae035ed1053d48c7707aca522e27979ff31ac0e0569ac99e916069a7233642eb24d89b81700e
SSDEEP

3072:MkEip26AJw4io2qvOv3eBkghzERCkFUOOHpT0eCSpZ:GiKa4iKKghgMpVHpY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a6fe33a86bb44746d712bc6dac7103_JaffaCakes118

Files

29a6fe33a86bb44746d712bc6dac7103_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78c96bcbffb9b36445eb8c394a1307fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA
SHGetDiskFreeSpaceA
Shell_NotifyIconA
SHGetDesktopFolder
SHFileOperationA

oleaut32

SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayGetUBound
VariantCopyInd
SafeArrayCreate
OleLoadPicture
SysAllocStringLen

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_Write

comdlg32

FindTextA
ChooseColorA
GetSaveFileNameA

kernel32

GetCommandLineW
FreeResource
GetLastError
GetModuleHandleA
lstrlenW
VirtualAllocEx
WriteFile
ExitProcess
GetCommandLineA
CompareStringA
GetVersion
HeapFree
LoadLibraryA
ExitThread
IsBadReadPtr
GetProcAddress
SizeofResource
GetModuleHandleW

gdi32

BitBlt
GetPaletteEntries

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ