JaffaCakes118_32663601c06a91564a0de6dfa310140c | Triage

Sharing

General

Target

JaffaCakes118_32663601c06a91564a0de6dfa310140c
Size

188KB
MD5

32663601c06a91564a0de6dfa310140c
SHA1

7aedbd286e02fee49db7331bf4d2e6e584ae8d2b
SHA256

4bc53d3c2b2b7e398c2ff79567c649693e8cf31ae87f687935d040909dd131af
SHA512

c8f38abf6a21d51cf797ba402345c27c9f6db1f566cb604a5915d823a073a48f9fc3627f863c6d9188f26fb38e10cb61a62d30cf62002b6dfb63cad25edb3c80
SSDEEP

3072:0FsFlM4t39BF1irIluJFJIL1hjAEdtBxYKyWXazR3jxMip:0FsFlMQNBFQrJLCzjAEdtIKrazR1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_32663601c06a91564a0de6dfa310140c

Files

JaffaCakes118_32663601c06a91564a0de6dfa310140c
.exe windows:4 windows x86 arch:x86

a6a80a7174a2c4eb141b3333ea58d2c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupW
SHRegGetValueW
PathGetArgsW
PathSkipRootW
PathIsUNCW
PathFindFileNameW

ole32

CoGetDefaultContext
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoTaskMemFree

kernel32

WideCharToMultiByte
CreateDirectoryW
GetFileInformationByHandle
lstrcmpiW
lstrlenW
GetCalendarInfoW
GetCurrentDirectoryW
MultiByteToWideChar
GetCurrentProcess
LocalFree
OutputDebugStringW
SetLastError
LocalAlloc
ExitProcess
InterlockedExchange
GetModuleHandleA
GetProcessId
EnumResourceNamesA
GetLastError
SetEnvironmentVariableW
DuplicateHandle
VirtualProtect
VirtualQuery
InitializeCriticalSection
OutputDebugStringA
FreeLibrary
GetFileAttributesW
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
SearchPathW
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ