38f299f889decc10ce1365ea503a9e9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38f299f889decc10ce1365ea503a9e9a_JaffaCakes118
Size

182KB
MD5

38f299f889decc10ce1365ea503a9e9a
SHA1

b08785763aac090d95a1936a6bfc865139fb439f
SHA256

aea1f6770cd958bf0b8be29267c1a1910b8984e119f96b1cbdf3cd9782644c84
SHA512

37f8d4ec1d45a0b06f6480aa74ad916f93e1c4dfb86c87fea01bcaf5c1a6d5671a61e5f876bcc3feb647257f119ed8568362b790daa19c66fb3a13e8134550fc
SSDEEP

3072:FvAB2daKKlQbgwrG60+eJOZKcreT3eUCszUKTfqGJINq38nT1D9Cs3xaSHOQsOw:ZiQcwrII8HT3ekUFq3ZfSHOQ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38f299f889decc10ce1365ea503a9e9a_JaffaCakes118

Files

38f299f889decc10ce1365ea503a9e9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2afadac4150467cd96e6ed9590b5ead2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

shlwapi

StrDupW
PathSkipRootW
SHRegGetValueW
PathGetArgsW
PathIsUNCW
PathFindFileNameW

kernel32

GetModuleHandleW
GetModuleFileNameW
GetCalendarInfoW
OutputDebugStringW
GetFileInformationByHandle
InterlockedExchange
VirtualQuery
GetProcessId
LocalAlloc
CreateDirectoryW
FreeLibrary
lstrcmpiW
WideCharToMultiByte
GetFileAttributesW
EnumResourceNamesA
ExitProcess
GetCurrentProcess
SearchPathW
GetModuleHandleA
SetEnvironmentVariableW
VirtualProtect
lstrlenW
OutputDebugStringA
DuplicateHandle
GetProcAddress
InitializeCriticalSection
MultiByteToWideChar
SetLastError
GetCurrentDirectoryW
GetLastError
LocalFree
GetCurrentThreadId
Sleep

ole32

CoGetDefaultContext
StringFromGUID2
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ