JaffaCakes118_48c5af8114a5aed07fa3a400877132d5 | Triage

Sharing

General

Target

JaffaCakes118_48c5af8114a5aed07fa3a400877132d5
Size

179KB
MD5

48c5af8114a5aed07fa3a400877132d5
SHA1

f564562c0a363069fd5684857876d68e19555841
SHA256

4f9d4b811f5c7f7d2ed411dc11d1d8d8f7ddd6a38f678cbda7c08d2b81c85cc0
SHA512

dd7a02cc60ae37e15fa40e88a549dbb7bcd3a08e28708be023a4280484c149c15ae91e3e0344dd582b98cc1b14e44805c2b1850099cd845e98dc3a0b794ff603
SSDEEP

3072:qXj5OufhDwkH8m0Df4v9coDzldEM4Q/GxO/aUm76/CdD0lZnJJDwY:Wj5bfhDp8mQfovPEML0O/C7FKPk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_48c5af8114a5aed07fa3a400877132d5

Files

JaffaCakes118_48c5af8114a5aed07fa3a400877132d5
.exe windows:4 windows x86 arch:x86

17baddf2ac1a115d082313393103d504

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

GetDC
SetCursor
GetWindowLongA
ReleaseCapture
SetWindowLongA
GetSysColor
IsWindow
GetDlgItem
FillRect
LoadCursorA
GetWindowInfo
MoveWindow
SetWindowPos
ReleaseDC
SetCapture

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetTapePosition
GetLocalTime
ClearCommError
Sleep
FindClose
GetWindowsDirectoryA
InterlockedExchange
EnumResourceNamesA
GetCurrentProcessId
FatalExit
GetVersion
FindFirstFileA

winmm

mciSendCommandA
sndPlaySoundA

ole32

CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ