Static task
static1
Behavioral task
behavioral1
Sample: 940d967bcfe737aa19fcbc0c509b1997_JaffaCakes118.exe
Resource: win7-20241010-en
General
Target: 940d967bcfe737aa19fcbc0c509b1997_JaffaCakes118
Size: 165KB
MD5: 940d967bcfe737aa19fcbc0c509b1997
SHA1: c747d87c7811340334ad44776c3cebb4b4772b06
SHA256: e0010881f8738b3b02286822f1c697d7ad2b0c3db4c5cb842f2bca004355d217
SHA512: 64641116236fe2fc31e62e02e8111efd2519b1cd5a150344684693bac2ea5985030058cb5331cf7d7c64a0bd05b84f51cb3df585613dd65c8f4b3c7897bbfaac
SSDEEP: 3072:gY03ymoV57tys9FAAS/TFvEzhodQr4MJpwTOd49du2bXh+V+oxMlY:gY0C9VpEKvsvkibDhSto
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 940d967bcfe737aa19fcbc0c509b1997_JaffaCakes118
Files
940d967bcfe737aa19fcbc0c509b1997_JaffaCakes118.exe windows:4 windows x86 arch:x86
7cd8d2a672eaba7d1a7e8637438a48a3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
GlobalGetAtomNameW
SetFilePointer
HeapSize
VirtualAlloc
IsValidCodePage
GetDateFormatA
GetACP
HeapReAlloc
TlsGetValue
TlsAlloc
GetConsoleOutputCP
GetTimeFormatA
EnumResourceTypesA
TlsSetValue
WriteConsoleA
SetThreadExecutionState
RtlUnwind
SetStdHandle
GetOEMCP
GetLocaleInfoA
GetCPInfo
RaiseException
rpcrt4
RpcStringFreeA
user32
CharNextA
MessageBoxA
LoadStringA
PeekMessageA
DispatchMessageW
GetDesktopWindow
DispatchMessageA
wsprintfA
shell32
SHGetDataFromIDListW
ShellExecuteExA
DragAcceptFiles
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA
Sections
.text Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 473KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ