Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_20f578e52bd61272430b0c5dc4539c43.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_20f578e52bd61272430b0c5dc4539c43.exe
  Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_20f578e52bd61272430b0c5dc4539c43
Size: 269KB
MD5: 20f578e52bd61272430b0c5dc4539c43
SHA1: 2db68c429efdddb98eec834c86602c324d98e304
SHA256: 94d46e8b54da27abcf3a5e486a477bb2c153c548ec3bb1aa15c10e8a31ac4037
SHA512: 03b1cc5fb86dbc931a8d0a9d208bb07ca8f85a5f792ff0462e2330346e6779c6b06282843e806b2d8739830ebb91a874d2f8771f6f5a44ceeaa34fc2fee9f8a4
SSDEEP: 6144:RBzt6s0m48hTQKZ5yoYTQrAPQrlOuHBne7BzhT4X+GLWpZu:RBD48pQKZ5FYTQUQbHAVFT4X6j
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_20f578e52bd61272430b0c5dc4539c43
Files
JaffaCakes118_20f578e52bd61272430b0c5dc4539c43.exe windows:4 windows x86 arch:x86
37ac312b82bda82dccea161aa4602495
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapCreate
HeapFree
IsBadWritePtr
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapDestroy
TlsAlloc
VirtualFree
EnumSystemLanguageGroupsW
HeapAlloc
GetWriteWatch
GetCurrentProcessId
QueryPerformanceCounter
VirtualQuery
SetLastError
TlsFree
oleacc
CreateStdAccessibleObject
CreateStdAccessibleProxyA
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
winmm
mciSendCommandA
shlwapi
PathAddBackslashW
user32
GetWindow
LoadImageA
DestroyIcon
CreateWindowExA
LoadStringA
SetWindowTextA
GetDlgItem
GetParent
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ