JaffaCakes118_4842c8ae27f9c502819b7d42f394c951 | Triage

Sharing

General

Target

JaffaCakes118_4842c8ae27f9c502819b7d42f394c951
Size

180KB
MD5

4842c8ae27f9c502819b7d42f394c951
SHA1

226e043c423a6e034b7b2b7226abd0b22befa089
SHA256

1971545ba21f8cac97d3bedce32dacd9b927c2350e9354b507d41a7b0cfe8ea6
SHA512

c6edadf55617ce22fff8a68f15e230d5f638c5458130242826709cd925ab69142f2c5a42b1228ef3f3d254395109e3cc1a4abb30a48552d40d3da9f3f2d217ca
SSDEEP

3072:mbBSuGE8WzfzV6blPg1FrFJcYxS+WozLPleMCwtfhlAPw9dwfi0D:MGERHVNDFGYx3RLPl/CwtfhlAUdwa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4842c8ae27f9c502819b7d42f394c951

Files

JaffaCakes118_4842c8ae27f9c502819b7d42f394c951
.exe windows:4 windows x86 arch:x86

05e730ab49434972de0f7296b784355e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
DeleteCriticalSection
InitializeCriticalSection
GetAtomNameA
FindFirstFileW
FindResourceW
GlobalUnlock
FindClose
MultiByteToWideChar
GetPrivateProfileIntW
GetModuleHandleW
FindFirstChangeNotificationW
LoadResource
GetVersionExA
FindCloseChangeNotification
LoadLibraryA
WaitForSingleObject
GetPrivateProfileStringW
EnumResourceTypesA
CloseHandle
Sleep
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
LoadLibraryW
WritePrivateProfileStringW
lstrlenW
LockResource
IsValidCodePage
GlobalLock
FreeLibrary
FindNextChangeNotification
GlobalAlloc
GetProcAddress
GlobalSize
GetVersionExW
GetLocaleInfoW

shell32

SHGetImageList
ShellExecuteW
SHGetFileInfoA
CommandLineToArgvW
ShellExecuteExA
ShellExecuteExW
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconA

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ