JaffaCakes118_b5e0270d0b80dbfa5576d55e1d762c08 | Triage

Sharing

General

Target

JaffaCakes118_b5e0270d0b80dbfa5576d55e1d762c08
Size

165KB
MD5

b5e0270d0b80dbfa5576d55e1d762c08
SHA1

1477b9677e5b2f4a8f786dc3968e87c51ab3d141
SHA256

21c1f4911cfda2b312d548a050dc4270cb9e764115746eacfa2e3d8f87daea09
SHA512

6d20a9278fb1a1276ab30debaf7282ed627fed461666797a6c66e9452a5f289ce3ad9d002dd195da889ccf626194b02a0eaaaa8f3f7d87d873c97af52997645f
SSDEEP

3072:Hiw0IZJ1/pFFPySAip8OfKAYwcOeZ1It+cz4dT/BazCjklBwIIyM:HKIr1hFFPbpRKEcLm+cz4YCglU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b5e0270d0b80dbfa5576d55e1d762c08

Files

JaffaCakes118_b5e0270d0b80dbfa5576d55e1d762c08
.exe windows:4 windows x86 arch:x86

5e1161402ecc1d0201fa84495e5b3b8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetTickCount
GetCommandLineA
CreateFileA
GlobalGetAtomNameA
FormatMessageA
SetUnhandledExceptionFilter
CreateDirectoryA
GetModuleFileNameA
LocalAlloc
LoadLibraryExA
GetPrivateProfileSectionA
EnumResourceTypesA
TerminateProcess
WritePrivateProfileStringA
lstrcatA
WriteProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
SizeofResource
IsValidCodePage
GetProfileStringA
lstrcpyA
LoadResource
SetErrorMode
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetFileAttributesA
IsDBCSLeadByte
GetProcessTimes
lstrcpynA

shell32

SHIsFileAvailableOffline
DragAcceptFiles
SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
SHGetPathFromIDListA
Shell_NotifyIconA

version

GetFileVersionInfoA

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ