cb175fcf43bb0f07227ed60c03b7d4da_JaffaCakes118 | Triage

Sharing

General

Target

cb175fcf43bb0f07227ed60c03b7d4da_JaffaCakes118
Size

171KB
MD5

cb175fcf43bb0f07227ed60c03b7d4da
SHA1

ba04ded2d6f0651eff238736779830fca66adaae
SHA256

2b31e369ba3cdbd27e6b3ef96df97c1806bf9706f314b8eacdc8d0c3367aa480
SHA512

b3571444035b30e55b18c86d9e0cda0f68566ab60e174302e32f6c177b5f4347ae3e0f024af58c8a26d43e797bfe6e525e6d7b12831063ca51ecebf3be85382b
SSDEEP

3072:4cDdvnrlP7DZKO3p8tZT8uex1P0ofhTe8lcGcGKvHfYm0Yp8X/ZcD/Cs:4cDvP7kUaZe/0oUGcbfwdfXmD/R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb175fcf43bb0f07227ed60c03b7d4da_JaffaCakes118

Files

cb175fcf43bb0f07227ed60c03b7d4da_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0494bb67a445eda6f902efcb961b6aab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
WideCharToMultiByte
GetFileInformationByHandle
InterlockedExchange
LocalFree
GetCalendarInfoW
OutputDebugStringA
SearchPathW
GetModuleHandleW
LocalAlloc
VirtualQuery
GetCurrentProcess
VirtualProtect
DuplicateHandle
GetCurrentDirectoryW
GetProcessId
GetProcAddress
lstrcmpiW
SetLastError
EnumResourceNamesA
GetLastError
MultiByteToWideChar
InitializeCriticalSection
GetModuleHandleA
ExitProcess
lstrlenW
FreeLibrary
GetCurrentThreadId
GetFileAttributesW
OutputDebugStringW
SetEnvironmentVariableW
GetModuleFileNameW
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree

shlwapi

PathIsUNCW
PathGetArgsW
PathSkipRootW
SHRegGetValueW
StrDupW
PathFindFileNameW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ