99d397aac5d403a4f8ca0e94a5a4793d_JaffaCakes118 | Triage

Sharing

General

Target

99d397aac5d403a4f8ca0e94a5a4793d_JaffaCakes118
Size

177KB
MD5

99d397aac5d403a4f8ca0e94a5a4793d
SHA1

92aed3a5e1b011a3688de504f24f5703754aaa8a
SHA256

b8b6f794646b7839e2e65a6b241fdd02a63373be3706672ed5684cf594611f7f
SHA512

2dcb6b18a050c2fbb127300e42ba504c68cf9ce3394abae6d55c5176ccfde42565e38c6d02bdff6022ec72afa42809ca182cdcd87ef03e4f802fbb8c23f077e9
SSDEEP

3072:VHGuZBKl0neRybgnEF21PbSLtmdQ3IeyWHfFpaz5BeqSSLjig6kiEoD/t9v:V7ZcynBB21omdMHHzYJxjig6kid9v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99d397aac5d403a4f8ca0e94a5a4793d_JaffaCakes118

Files

99d397aac5d403a4f8ca0e94a5a4793d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c322a3e1f9192ed8b401fe5ef6d1e5e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICOpen
ICSendMessage
ICClose
ICDecompress

kernel32

lstrlenA
FreeLibrary
GetShortPathNameW
InitializeCriticalSection
lstrlenW
GetCurrentThreadId
IsBadWritePtr
GetCurrentProcessId
GetProcessTimes
LoadLibraryA
CloseHandle
IsBadReadPtr
EnumResourceTypesA
GetProcAddress
GetThreadLocale
MultiByteToWideChar
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
DeleteCriticalSection
GetLastError
LocalFree
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateFileA
WideCharToMultiByte
GetVersionExA

user32

wsprintfA
wsprintfW

ole32

StgCreateDocfile
StgOpenStorage

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ