Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_6a4ccc6f08ccac75c80aed8bbf27c931.exe
Resource: win7-20240903-en
General
Target: JaffaCakes118_6a4ccc6f08ccac75c80aed8bbf27c931
Size: 193KB
MD5: 6a4ccc6f08ccac75c80aed8bbf27c931
SHA1: c8d55a1669ac410b95da833ca5c0eff3868fdb94
SHA256: 034ce53a46ab2b1842f024f35dc329f13af6554b43b4d48f8099da31d64f05e6
SHA512: 0941e765ac938bfdc58b16e962339a24c70e149187e8edd9df394fa88b6c449de3b1010ae596dba6777f01076d5c8566fbb0d97d7ebc691e509e9645a5e64b71
SSDEEP: 3072:BZmsaSbrVRiQpGsc/GbfdYDPvpE52xvo14z7/853sxYAIwZSLQjrLsbu1Bt:BsQpGAfGPRq2xvoUL858xeKSE7D
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_6a4ccc6f08ccac75c80aed8bbf27c931
Files
JaffaCakes118_6a4ccc6f08ccac75c80aed8bbf27c931.exe windows:4 windows x86 arch:x86
d6e948211bf255d9cd0cd7480c095090
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetACP
SetFilePointer
HeapSize
GetAtomNameW
HeapReAlloc
GetTimeFormatA
GetOEMCP
SetStdHandle
TlsGetValue
IsValidCodePage
EnumResourceNamesA
TlsAlloc
WriteConsoleA
GetDateFormatA
VirtualAlloc
FindResourceA
GetLocaleInfoA
TlsSetValue
GetCPInfo
GetConsoleOutputCP
MultiByteToWideChar
RtlUnwind
RaiseException
occache
FindControlClose
shell32
SHGetDataFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHGetPathFromIDListW
DragAcceptFiles
ShellExecuteW
SHAppBarMessage
SHGetMalloc
Shell_NotifyIconW
Sections
.text Size: 94KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ