JaffaCakes118_626bb8d20eadf1e57950a1c4604f0a60 | Triage

Sharing

General

Target

JaffaCakes118_626bb8d20eadf1e57950a1c4604f0a60
Size

131KB
MD5

626bb8d20eadf1e57950a1c4604f0a60
SHA1

897b23f27197b8add504d1f9bb0d25886d6c4340
SHA256

dd0b90c97f8d1e80300246c5e35586e1cd54193b9d5702e00a3d2bcdb2738c08
SHA512

963a1d2f99dc641005576f28a7db4ecfbdc4d57379b0f97ff872d35e6f4031bef7b443ca904e73436ecb9178245c100dff052bb126fdd9b103231374c779ee36
SSDEEP

3072:/7CYnYdQwGDC0xTGNvi1/Ob368PsyWWB1/h:jCYnYdQwGho612z6FWB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_626bb8d20eadf1e57950a1c4604f0a60

Files

JaffaCakes118_626bb8d20eadf1e57950a1c4604f0a60
.exe windows:5 windows x86 arch:x86

4c87a62eb02966da0839bf49a31c15e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetPrivateProfileSectionA
GlobalFlags
GetVersionExA
GlobalLock
GetFileAttributesW
DeviceIoControl
GetFileAttributesW
GetStdHandle
HeapFree
OpenMutexA
FindVolumeClose
GetCurrentThread
CloseHandle
lstrlenA
CreateEventA
GetCurrentProcess
GetStringTypeA
GetDriveTypeA
LoadLibraryA
VirtualProtectEx
GetPrivateProfileIntA

shell32

DllUnregisterServer
DuplicateIcon
DragFinish
DragAcceptFiles
SHFree
ShellAboutA
ExtractIconA
ShellMessageBoxA
SHFree
SHGetSettings
SHGetMalloc
DragQueryFileA
StrChrA

odbccp32

SQLInstallODBC
SQLConfigDataSource
SQLInstallDriver
SQLGetAvailableDrivers

uxtheme

CloseThemeData

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ