310bf508df3f8e395257d30735ad73a6_JaffaCakes118 | Triage

Sharing

General

Target

310bf508df3f8e395257d30735ad73a6_JaffaCakes118
Size

130KB
MD5

310bf508df3f8e395257d30735ad73a6
SHA1

623aeea3b52769ffdaffce92f854b661cf94b2bf
SHA256

cef20642ad9efb74fc042f2064d3dbecfe73f58da98a982e4cfbc6699f7aeef6
SHA512

9c3ee73139d52e56fe189f4c83cadec832202befa75905e75646f06bcf2a35cd8ce497ebf5ed3674019247a264021d2d6d230982db6a9b40a1ace9c99d949ee7
SSDEEP

3072:to4RJgpP/qoHOE29qa3XqnokoEaPadAdPTVewKfj:to4UpP/qonN3dAdZdK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
310bf508df3f8e395257d30735ad73a6_JaffaCakes118

Files

310bf508df3f8e395257d30735ad73a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3d4652e50dcc7c79cf20864fb841cbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
IsBadHugeReadPtr
VirtualAllocEx
ExitProcess
GetCurrentThread
ExitThread
GetCurrentProcess
GetCommandLineW
LocalReAlloc
GetCurrentThreadId
lstrlenW

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetDiskFreeSpaceA
Shell_NotifyIconA
SHGetFolderPathA

shlwapi

SHGetValueA
PathIsDirectoryA
SHSetValueA

user32

LoadKeyboardLayoutA
KillTimer
GetFocus
LoadCursorA
LoadBitmapA
LoadIconA
IsWindowUnicode
GetMenu
GetWindow
LoadStringA

gdi32

GetRgnBox
GetPixel
RestoreDC
LineTo

Exports

Exports

E5QYxg@16
ck3z2lort
_j_AX3QJ5T8RS@4
_gboDfAVXCvAQ@24

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ