JaffaCakes118_8888145b33aa163e5735260c9ee4059c | Triage

Sharing

General

Target

JaffaCakes118_8888145b33aa163e5735260c9ee4059c
Size

172KB
MD5

8888145b33aa163e5735260c9ee4059c
SHA1

d9745a72ba82507e6ce9013367aa93a89eec03c9
SHA256

aed03500ea174b94cd4382ddf03af3fdbf45df423f3099c9be69cf76abb588c2
SHA512

7bd1c54dc88eece2bd6c3f3b5cdf9c985a531d1429714d7b533cfc0b5b2a57beb71d00a5c865536bee7847e0abee61107ee31c5acb3cc09f3f15142682738273
SSDEEP

3072:boqDGUf0RRfoJLDw76Ixeki38ETjMqcE:boqY0LO6IxekisEa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8888145b33aa163e5735260c9ee4059c

Files

JaffaCakes118_8888145b33aa163e5735260c9ee4059c
.exe windows:4 windows x86 arch:x86

94dc643d4a1881a42dc2832458315646

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetFileAttributesW
GetCurrentThreadId
SetEnvironmentVariableW
VirtualProtect
GetCalendarInfoW
GetProcAddress
OutputDebugStringW
GetModuleFileNameW
GetFileInformationByHandle
MultiByteToWideChar
OutputDebugStringA
FreeLibrary
GetModuleHandleA
lstrlenW
DuplicateHandle
GetLastError
CreateDirectoryW
GetCurrentDirectoryW
EnumResourceNamesA
InitializeCriticalSection
ExitProcess
LocalAlloc
GetProcessId
WideCharToMultiByte
lstrcmpiW
GetCurrentProcess
InterlockedExchange
SearchPathW
VirtualQuery
SetLastError
GetModuleHandleW
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CoInitialize
CoTaskMemFree

shlwapi

PathIsUNCW
SHRegGetValueW
StrDupW
PathGetArgsW
PathSkipRootW
PathFindFileNameW

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ