Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
Resource
win7-20240903-en
General
Target
JaffaCakes118_4f2ded81344b208850afebb3092622fe
Size
295KB
MD5
4f2ded81344b208850afebb3092622fe
SHA1
eb8e3c039ac7f6facd483be98f578007d4d6a5b3
SHA256
1ad4ff82cd60f22aabff678bfe7718aa86a43a284e4ab553c9357393d2f741b7
SHA512
65d040e3744e1acf45097014e25e81ba9c51c165bc7f23b4cbbeb079d13d353243a1469e29ab2f087ff50e556cbb56ed3d1dc7d17c80432acacdfae705796c63
SSDEEP
6144:16liWR03uny49Jw8+b8d+4dhxbzalDaMXkaMydzch4RmNkSrWoyCkeW+s:16jWJ49Jw9b8k4dhJax/kajyh44/2e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_4f2ded81344b208850afebb3092622fe
Files
JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe windows:4 windows x86 arch:x86
9c67bb5f82fd6a42128f5b61869ca3e2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetAtomNameW
VirtualAlloc
SetStdHandle
WriteConsoleA
GetDateFormatA
GetTimeFormatA
GetConsoleOutputCP
HeapReAlloc
GetOEMCP
TlsGetValue
MultiByteToWideChar
SetFilePointer
EnumResourceNamesA
TlsSetValue
GetCPInfo
GetACP
FindResourceA
GetLocaleInfoA
IsValidCodePage
TlsAlloc
HeapSize
RtlUnwind
RaiseException
occache
FindControlClose
shell32
SHGetDataFromIDListW
DragAcceptFiles
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHBrowseForFolderW
SHAppBarMessage
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFileInfoW
Shell_NotifyIconW
Sections
.text Size: 144KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ