Static task: static1
Behavioral task: behavioral1
Sample: fea600a8de189f2bb2c855d4bb9be01c_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: fea600a8de189f2bb2c855d4bb9be01c_JaffaCakes118
Size: 170KB
MD5: fea600a8de189f2bb2c855d4bb9be01c
SHA1: 5ed7bd9864320e329ab552362fe116c660ddecb2
SHA256: d0197ce66acc70262f8c61e92b5791c6a21883de2c36e87a9341bf50af89dde5
SHA512: 5083425bba0d1297436feca6bb2290c0012b9664cdfc7f1aa0b4988899d85f06fbbac052ec0ed82a8853d93fd79875a8f9ce37f3e1bef7082185d9bae98691d6
SSDEEP: 3072:mc26ztd+oAyCaGivZcWcrGBsA4Ms+dyE/zoapy9u941LkHC1N9f:J26/3G/WQYs+q9848MB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fea600a8de189f2bb2c855d4bb9be01c_JaffaCakes118
Files
fea600a8de189f2bb2c855d4bb9be01c_JaffaCakes118.exe windows:4 windows x86 arch:x86
dd0aa0dbabc73069e3c2d4b7da3c0148
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalGetAtomNameA
GetConsoleOutputCP
TlsGetValue
GetTimeFormatA
GetDateFormatA
HeapReAlloc
SetStdHandle
VirtualAlloc
GetOEMCP
HeapSize
SetFilePointer
RtlUnwind
EnumResourceNamesA
GetCPInfo
TlsSetValue
MultiByteToWideChar
GetLocaleInfoA
CreateHardLinkA
TlsAlloc
GetACP
IsValidCodePage
WriteConsoleA
RaiseException
rpcrt4
RpcStringFreeA
shell32
SHGetFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
SHBrowseForFolderA
SHGetFileInfoA
SHGetDesktopFolder
DragAcceptFiles
SHAppBarMessage
Shell_NotifyIconA
user32
CharNextA
LoadStringA
GetDesktopWindow
DispatchMessageW
MessageBoxA
PeekMessageA
DispatchMessageA
wsprintfA
Sections
.text Size: 80KB - Virtual size: 476KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ