Static task
static1
Behavioral task
behavioral1
Sample
94b6709368a5a985bfe97138bfaf5c1c_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: 94b6709368a5a985bfe97138bfaf5c1c_JaffaCakes118
Size: 272KB
MD5: 94b6709368a5a985bfe97138bfaf5c1c
SHA1: 65bcffd25e9cf9b78ba4189971003093e85dc6d6
SHA256: 009da9375ace7c85010c74b8d1cad0e7825b0b3900a49abafd4597bbef72e89b
SHA512: ca3635705e6cffc017da19ccf65cd92226c3c1dd0174721d1a68a0aefca3711defd37a57902f9951b7b35eb0bfe210a3120a205666a3c56f2571752308c393ef
SSDEEP: 6144:3V2vySM88jFoM7JewAzX1sYSCFUQdQLmCIEoxrcasq:l2BG68MlsYSiUQdQiZjdsq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 94b6709368a5a985bfe97138bfaf5c1c_JaffaCakes118
Files
94b6709368a5a985bfe97138bfaf5c1c_JaffaCakes118.exe windows:4 windows x86 arch:x86
1cdb5b3fefc59f5c3b4a28de2691d06c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTimeFormatA
GetCPInfo
GlobalGetAtomNameW
VirtualAlloc
HeapSize
SetStdHandle
HeapReAlloc
TlsSetValue
IsValidCodePage
SetFilePointer
WriteConsoleA
EnumResourceTypesA
TlsAlloc
RtlUnwind
GetLocaleInfoA
GetOEMCP
GetDateFormatA
SetThreadExecutionState
GetACP
MultiByteToWideChar
TlsGetValue
GetConsoleOutputCP
RaiseException
rpcrt4
RpcStringFreeA
shell32
SHGetDataFromIDListW
SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
SHGetPathFromIDListA
DragAcceptFiles
Shell_NotifyIconA
user32
LoadStringA
CharNextA
PeekMessageA
DispatchMessageA
DispatchMessageW
MessageBoxA
GetDesktopWindow
wsprintfA
Sections
.text Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 143KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ