Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_a3a5b5e22be71911aefdd1970fc0ca95.exe
Resource: win7-20241023-en
General
Target: JaffaCakes118_a3a5b5e22be71911aefdd1970fc0ca95
Size: 179KB
MD5: a3a5b5e22be71911aefdd1970fc0ca95
SHA1: a95e14ffe39862f55f94fce22ec9ba947be0d918
SHA256: 15a04280442257b5f642d0a725647556e2445f021e2c247d9450205d979b203a
SHA512: 5baa0d90324f3386f98cc884f295854fc04d0e1a739855e6e47626e11aaedca0584c36e68dc7ab6f9b8a368111293a461c80199b4140661124219a70a3b49187
SSDEEP: 3072:wFJEaw3SmCBHCLwawe4UMhqmpaEy/2I+EM0nKEpccKSFVQHeh4RU9:wFJElC3HMuEb/r3M0n7uyFSYR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_a3a5b5e22be71911aefdd1970fc0ca95
Files
JaffaCakes118_a3a5b5e22be71911aefdd1970fc0ca95.exe windows:4 windows x86 arch:x86
99b97a53fa1e32719af66e1faf3bf3e5
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  HeapReAlloc
  RtlUnwind
  SetFilePointer
  GlobalGetAtomNameW
  GetConsoleOutputCP
  GetLocaleInfoA
  HeapSize
  WriteConsoleA
  TlsSetValue
  MultiByteToWideChar
  EnumResourceTypesA
  SetStdHandle
  IsValidCodePage
  GetOEMCP
  SetThreadLocale
  TlsGetValue
  VirtualAlloc
  GetTimeFormatA
  GetDateFormatA
  GetCPInfo
  TlsAlloc
  GetACP
  RaiseException
shell32
  SHGetDataFromIDListW
  DragAcceptFiles
  SHGetPathFromIDListA
  SHBrowseForFolderA
  ShellExecuteExA
  SHGetFileInfoA
  Shell_NotifyIconA
user32
  GetDesktopWindow
  DispatchMessageA
  DispatchMessageW
  CharNextA
  PeekMessageA
  LoadStringA
  MessageBoxA
  wsprintfA
rpcrt4
  RpcStringFreeA
Sections
.text Size: 78KB - Virtual size: 77KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 241KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ