cf86b664cbe440c27e969834c44df3ff_JaffaCakes118 | Triage

Sharing

General

Target

cf86b664cbe440c27e969834c44df3ff_JaffaCakes118
Size

182KB
MD5

cf86b664cbe440c27e969834c44df3ff
SHA1

b6e51df4c1aa38ae13ade247b3f160715b17af90
SHA256

0b59dbe7144e51b638405e7fcd3215704c952431cd7ed7155d1db401604ee314
SHA512

99e0cc3472e9d3748e4149816d281969f0502eb7bdbf3ebe57e4ecdcc12cb1e88893675dc75e8e225b5af70cb6e550b9c3f678aede3a1aabfd7b245ed47d2556
SSDEEP

3072:59GALJcnkJAYE6Ux2u9wa9qqDn6HxZYf587fSvTGU+ApvnDeumsU:59GALJcnFE/CD6HTWbZ+0jms

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf86b664cbe440c27e969834c44df3ff_JaffaCakes118

Files

cf86b664cbe440c27e969834c44df3ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ae702b9a2dff4155e5964881f1fa8a59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
GetCalendarInfoW
GetModuleFileNameW
DuplicateHandle
GetFileAttributesW
InterlockedExchange
FreeLibrary
WideCharToMultiByte
GetModuleHandleW
SetEnvironmentVariableW
SearchPathW
GetCurrentDirectoryW
VirtualQuery
CreateDirectoryW
GetCurrentThreadId
lstrlenW
OutputDebugStringA
VirtualProtect
EnumResourceNamesA
InitializeCriticalSection
GetModuleHandleA
LocalAlloc
LocalFree
GetProcessId
GetProcAddress
lstrcmpiW
MultiByteToWideChar
GetFileInformationByHandle
OutputDebugStringW
GetCurrentProcess
ExitProcess
Sleep

ole32

CoGetDefaultContext
CoUninitialize
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CoTaskMemFree

shlwapi

StrDupW
PathGetArgsW
PathSkipRootW
SHRegGetValueW
PathIsUNCW
PathFindFileNameW

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ