Static task
static1
Behavioral task
behavioral1
Sample
dfdbf9df5b04c41a85455196492348c9_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: dfdbf9df5b04c41a85455196492348c9_JaffaCakes118
Size: 272KB
MD5: dfdbf9df5b04c41a85455196492348c9
SHA1: 740636383155b418c293345f4576d5569d4f9881
SHA256: d6baf65069993147d9527dab959b5e828562568d8b90970b165f3389d781923d
SHA512: fb3401f0376250e347a57ef1c4fa92607225742429088db2640388fe699281279101570c520e03166fa04f5d1cc77fe8ff3dff61fceb460be68bd17e4773f4ad
SSDEEP: 6144:9x5ZG0h2Bg8WNo+Ik/P/Godl8BwYf4Nnpwp2uWDBJJ3UWQi:nbGQ2ByC2H/Gob8iY6pC2u0Bvd
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dfdbf9df5b04c41a85455196492348c9_JaffaCakes118
Files
-
dfdbf9df5b04c41a85455196492348c9_JaffaCakes118.exe windows:4 windows x86 arch:x86
22a9e236a49bc7fceb50980b3084f404
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
HeapReAlloc
VirtualQuery
VirtualAlloc
TlsAlloc
SetLastError
GetSystemTimeAsFileTime
HeapDestroy
EnumSystemLanguageGroupsW
IsBadWritePtr
HeapCreate
GetWriteWatch
GetCurrentProcessId
HeapAlloc
QueryPerformanceCounter
VirtualFree
TlsFree
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
shlwapi
PathAddBackslashW
winmm
mciSendCommandA
oleacc
CreateStdAccessibleObject
AccessibleChildren
user32
DestroyIcon
LoadStringA
GetDlgItem
GetWindow
SetWindowTextA
LoadImageA
CreateWindowExA
GetParent
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 199KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ