44291f79cdf925e77aec051235fcb633_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44291f79cdf925e77aec051235fcb633_JaffaCakes118
Size

140KB
MD5

44291f79cdf925e77aec051235fcb633
SHA1

b1118adff4ac8133eb1de9ef20873c72396f5837
SHA256

b16333401741ab0b99bc4034e4ed29c1db36194dcc8758aff6da0f4509fca62b
SHA512

4f2532ca12190dbd3e8384471cb01e1777fb145fbe4a263ff753ddb6cd0540ded3d8179d3989c4efeaf52047be62858b81da62c2b30cde72f16216a3ea8c5be7
SSDEEP

3072:81uLioWTNaqg2Muyqxt4tduPyFkmYnNhRe42O:8YiNjgi4twKFkmYnNhr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44291f79cdf925e77aec051235fcb633_JaffaCakes118

Files

44291f79cdf925e77aec051235fcb633_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc2ecaeee4aa58f01caa5f0b4c083bde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoFileTimeNow
CoUninitialize
StgOpenStorage
CoInitialize

oleacc

LresultFromObject

kernel32

GetCurrentDirectoryW
FindResourceW
SetFileAttributesW
SearchPathW
GlobalFree
DisableThreadLibraryCalls
IsDBCSLeadByte
GetFileSize
SetErrorMode
UnlockFile
GlobalReAlloc
GlobalDeleteAtom
LoadResource
WriteFile
GetVolumeInformationW
SetFileTime
GetDriveTypeW
LockFile
GetShortPathNameW
SetEnvironmentVariableW
MoveFileW
EnumResourceNamesW
GlobalSize
FindNextFileW
GetFileTime
SetCurrentDirectoryW
ExitProcess
ReadFile
GetACP
CloseHandle
GetLocalTime
FindClose
IsDBCSLeadByteEx
SetFilePointer
DeleteFileW
FindFirstFileW
GlobalUnlock

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ