9525a86414a879a3225ad641c6beabe3_JaffaCakes118 | Triage

Sharing

General

Target

9525a86414a879a3225ad641c6beabe3_JaffaCakes118
Size

273KB
MD5

9525a86414a879a3225ad641c6beabe3
SHA1

81fb772984f5a1004b33e9edcd3d54e2c77db8e8
SHA256

309cefc6d05ab7099e01428289e6f27e02b56021a931d959acc1506c63619a17
SHA512

d5c0b00f084cc5b45bd88e0ae2b662a19ccacf5fc70c907625d0eeb2f4f963176ff8e068b2c0a475e94982a63d19fed3bff0e86279f16cdcd8aab29298ef2e16
SSDEEP

6144:4lM+eVDct+q5t6KxlltFoP8KCwClXE51QIHOHCqNC:4lSDctpt68pWUKCA50H3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9525a86414a879a3225ad641c6beabe3_JaffaCakes118

Files

9525a86414a879a3225ad641c6beabe3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3964fa6f22c12a5ec06d58e4a9488681

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
GetTickCount
GlobalSize
GetModuleFileNameW
FindClose
FreeLibrary
MulDiv
GetProcAddress
MultiByteToWideChar
GetPrivateProfileStringW
LockResource
Sleep
EnumResourceTypesA
LoadLibraryA
lstrlenW
LoadResource
LoadLibraryW
WritePrivateProfileStringW
DeleteCriticalSection
FindFirstFileW
GetPrivateProfileIntW
GetDllDirectoryW
InitializeCriticalSection
GetVersionExA
GetModuleHandleW
GetVersionExW
GetLocaleInfoW

shell32

DllGetVersion
SHGetFileInfoA
ShellExecuteExA
CommandLineToArgvW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListA
ShellExecuteExW
SHBrowseForFolderA
SHGetFolderPathW
Shell_NotifyIconA

wininet

InternetTimeToSystemTime
HttpQueryInfoA
InternetCrackUrlA
InternetErrorDlg
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
InternetTimeFromSystemTime

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ