JaffaCakes118_59591917d93a537c0543559a7026b9f0 | Triage

Sharing

General

Target

JaffaCakes118_59591917d93a537c0543559a7026b9f0
Size

131KB
MD5

59591917d93a537c0543559a7026b9f0
SHA1

a53b1598fcf80846da8469844b6cb0c13adb22db
SHA256

08623a47d04e3297a5b2456e3bca3b2f19749eea823fbb2ddfe12fac15d5eebc
SHA512

1632b39deadcbc0fdb1392373ee688ad343cc68ee13976e395580615276216617dde66a75d96056c51900aed1480a934b6ad9b20abe03caadd4758b29881485c
SSDEEP

1536:ocdJjGlLpvhc7InS++07hciMIWcrQZhtybhYSiyfdYbPgvzd3efQQTU5aV+8H2wx:occ2IB+InWChd9fdYsbdDtsk3mGzfS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_59591917d93a537c0543559a7026b9f0

Files

JaffaCakes118_59591917d93a537c0543559a7026b9f0
.exe windows:5 windows x86 arch:x86

6dba762c0965b0ae95b0d11fa3907851

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStringTypeA
HeapFree
CreateEventW
GetCurrentProcess
GetCurrentThread
CloseHandle
DeviceIoControl
DeviceIoControl
HeapDestroy
FindVolumeClose
GetPrivateProfileIntW
DeleteFileA
GetPrivateProfileSectionA
LocalLock
GetFileAttributesA
OpenMutexA
GetDriveTypeA
GetStdHandle
LoadLibraryA
lstrlenA
VirtualProtectEx

uxtheme

GetThemeTextMetrics
GetThemeColor
DrawThemeEdge
GetThemeBool
DrawThemeBackground
OpenThemeData
GetThemeTextExtent
IsThemeActive
GetThemeSysSize
SetWindowTheme
GetWindowTheme
CloseThemeData
CloseThemeData

odbccp32

SQLConfigDataSource
SQLInstallDriver
SQLInstallODBC
SQLGetAvailableDrivers

msasn1

ASN1BERDecBool

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ