644968e603abd82a336f4062cba354fe_JaffaCakes118 | Triage

Sharing

General

Target

644968e603abd82a336f4062cba354fe_JaffaCakes118
Size

272KB
MD5

644968e603abd82a336f4062cba354fe
SHA1

26ee4740c0431a4a2dfade3e6f72520b567c2dc1
SHA256

0063c3f55094a3f99df20ba70cbadd99d74a7a1e6a93e3d30cc09808d0dc9e78
SHA512

2df8b0f3014531701b84f37d3f785505d2fc5d6bd137a40917b3ea9075fdb4b672c7b822e9db0b3f6a303b2150136a37a6cb1658a6fb096ad796b3a1bb05feda
SSDEEP

6144:Cq2FvYLdhAedG0VHTggS2tgnqApmFXITtvASb6YPO/HceQwO9/LKH:CSxGgTPZgnFQFXITdLOYq8eQp9/L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
644968e603abd82a336f4062cba354fe_JaffaCakes118

Files

644968e603abd82a336f4062cba354fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1ba9b8d9ca81d01d4651587a9d824fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetPrivateProfileIntW
lstrlenW
GetAtomNameA
MultiByteToWideChar
GlobalSize
LoadResource
MulDiv
GetProcAddress
GetVersionExW
FindFirstFileW
LockResource
GetModuleHandleW
GetPrivateProfileStringW
EnumResourceTypesW
GetTickCount
DeleteCriticalSection
GetSystemDirectoryW
WritePrivateProfileStringW
GetModuleFileNameW
InitializeCriticalSection
FindClose
Sleep
GetVersionExA
LoadLibraryW
LoadLibraryA
GetLocaleInfoW

shell32

DoEnvironmentSubstA
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderA
SHGetPathFromIDListA
CommandLineToArgvW
ShellExecuteExA
SHGetFileInfoA
Shell_NotifyIconA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ