a9917de225e866104f0a14979ce59ac4_JaffaCakes118 | Triage

Sharing

General

Target

a9917de225e866104f0a14979ce59ac4_JaffaCakes118
Size

273KB
MD5

a9917de225e866104f0a14979ce59ac4
SHA1

598f4faf694e445e1c82bb1411da2c6ecf7f1127
SHA256

592c6c01d9387508a474186e1536434f0010f0163079ac53bf062a8d822c744a
SHA512

7bae3e6220cc1a8fabe4dc59b3f3abd9dcab688ec6f53a1eb91664d6d4a5cda66bd50d305559afe9cbd4204e0011595408b1855dbe37639c704b57123f33bb8c
SSDEEP

6144:mRbYRgvJYh2VNRS0SY17RLlcezaDb93WMYUmXBWsImZRbYV:eYRgvJ7zRS0X17RZWDR3tYUmjP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9917de225e866104f0a14979ce59ac4_JaffaCakes118

Files

a9917de225e866104f0a14979ce59ac4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

865c47ca24e480f915e3637c2c22f1c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
MulDiv
LoadLibraryW
GetModuleFileNameW
GetPrivateProfileStringW
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetPrivateProfileIntW
LoadLibraryA
lstrlenW
FreeLibrary
EnumResourceTypesA
LoadResource
WritePrivateProfileStringW
GetTickCount
FindClose
Sleep
FindFirstFileW
MultiByteToWideChar
GetDllDirectoryW
LockResource
GetProcAddress
GlobalSize
GetVersionExW
GetVersionExA
GetLocaleInfoW

shell32

DllGetVersion
SHGetFolderPathW
ShellExecuteExW
SHBrowseForFolderA
ShellExecuteW
ShellExecuteExA
SHGetFileInfoA
SHFileOperationW
SHGetPathFromIDListA
CommandLineToArgvW
Shell_NotifyIconA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ