cddea6050815701d81b0e09d7f2c15c3_JaffaCakes118 | Triage

Sharing

General

Target

cddea6050815701d81b0e09d7f2c15c3_JaffaCakes118
Size

170KB
MD5

cddea6050815701d81b0e09d7f2c15c3
SHA1

34b2edbb877ac76146e90ea5e7f12063bcb57a4b
SHA256

dcd8c950639bd4ed17b8c9c67ea5f7590040c4a97fc55de6f56bf8276a759f69
SHA512

78a5a07f6fd55caf10b61922fd2e9abc9fa92cbffb01fc432450b0b03f59c0b4f4b0de8315a75aec3d5c0fe7dc8522e39838590a70aad688741b063825a14c52
SSDEEP

3072:J6gekefXoHjWWdif83587QVlseQ3G60lUe4eS1ZPPKJ7hN7xpuHE:o3NfXoHJif83XVlsIlUFbbPKjlxcH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cddea6050815701d81b0e09d7f2c15c3_JaffaCakes118

Files

cddea6050815701d81b0e09d7f2c15c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

91abc31fcd6ad7972f89bead5a0d3548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
CoInitialize
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

shlwapi

PathSkipRootW
SHRegGetValueW
StrDupW
PathGetArgsW
PathIsUNCW
PathFindFileNameW

kernel32

GetCalendarInfoW
GetModuleFileNameW
OutputDebugStringW
DuplicateHandle
GetLastError
GetProcAddress
GetFileInformationByHandle
GetModuleHandleW
lstrlenW
MultiByteToWideChar
VirtualQuery
LocalFree
SetLastError
LocalAlloc
WideCharToMultiByte
GetModuleHandleA
EnumResourceNamesA
SetEnvironmentVariableW
CreateDirectoryW
GetProcessId
lstrcmpiW
VirtualProtect
GetCurrentThreadId
GetFileAttributesW
ExitProcess
InitializeCriticalSection
OutputDebugStringA
InterlockedExchange
FreeLibrary
GetCurrentProcess
GetCurrentDirectoryW
SearchPathW
Sleep

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ