f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118 | Triage

Sharing

General

Target

f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118
Size

172KB
MD5

f9194b7e3c5e757d70512c16c6e5905c
SHA1

6dd3fba556e8c9b9671878c137c1a437b036b685
SHA256

12c681c995df3ee0ebfa932a476a813e3d76ea6c67a564b09700431eae28cc38
SHA512

516fd7035937d59690a07c28fdab8748e882dc410e62c884b76782678fc7a493c7560bf327d3f3e0a28201a5a1f05d5001555765d2c2df6df71192d84bca57b7
SSDEEP

3072:97p4RD9L54Gj+Zz/RKQq3niuwI0UD1U4w7ejvTYxD/PcLJWA:RS19yxVpKQ6z1U4w8TYxzH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118

Files

f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e25ee84aa96fe333d7642550aec8396

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetCalendarInfoW
GetFileAttributesW
GetFileInformationByHandle
ExitProcess
SetEnvironmentVariableW
lstrlenW
GetModuleHandleA
CreateDirectoryW
GetModuleHandleW
GetProcAddress
LocalFree
VirtualProtect
lstrcmpiW
OutputDebugStringW
EnumResourceNamesA
VirtualQuery
GetLastError
DuplicateHandle
LocalAlloc
InitializeCriticalSection
GetCurrentDirectoryW
GetProcessId
OutputDebugStringA
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
FreeLibrary
GetCurrentProcess
SetLastError
InterlockedExchange
SearchPathW
Sleep

ole32

CoGetMalloc
CoInitialize
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ