JaffaCakes118_5718b9d98c2b5f09acf7c2d46f24f0da693fff624908199d999b778983c8ee6c

General

Target

JaffaCakes118_5718b9d98c2b5f09acf7c2d46f24f0da693fff624908199d999b778983c8ee6c
Size

2.5MB
MD5

2b4fd56d6929d8c8453f42734e0284c9
SHA1

10854d45c935be4aaa69dec17b35909a7a00ad7c
SHA256

5718b9d98c2b5f09acf7c2d46f24f0da693fff624908199d999b778983c8ee6c
SHA512

a5501e68260558ac3b14c726bb312b3c596fe3ea4e1aa9c52593d9fd20dd558303520fcb8b74318074ddbbfc595038a3b55a4167c914b6f70f7824dd9edbdc35
SSDEEP

49152:D0mlftHef66Fnihb54NRntXI8GKiIcFToNRrqRpgIZmjKy5t3rcvkvTv77mU5:gQ96FnWb5UXI89YNoTqvg5t4YZ5

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7fba11e6cf45e2b1f27fa0011e65c00c71c227d151eb4ed7975e50320f9e26c8

JaffaCakes118_5718b9d98c2b5f09acf7c2d46f24f0da693fff624908199d999b778983c8ee6c
.zip

Password: infected
7fba11e6cf45e2b1f27fa0011e65c00c71c227d151eb4ed7975e50320f9e26c8
.exe windows:6 windows x64 arch:x64

734fa76ca9e554493dee33f5d41c7651

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetThreadTimes
SetConsoleCP
WriteConsoleW
AttachConsole
CloseHandle
ReadConsoleW
OutputDebugStringW
SleepEx

comctl32

ImageList_LoadImage
FlatSB_SetScrollProp
ImageList_Copy
ImageList_GetIcon
ImageList_Add
ImageList_Merge
MenuHelp
UninitializeFlatSB
ImageList_EndDrag
LBItemFromPt
ShowHideMenuCtl
InitCommonControlsEx

shell32

SHGetMalloc
SHGetDiskFreeSpaceExW
ShellMessageBoxW

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE