0bdab37c204919e3ab94a57e127dff79_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bdab37c204919e3ab94a57e127dff79_JaffaCakes118
Size

1.1MB
MD5

0bdab37c204919e3ab94a57e127dff79
SHA1

f32b54f41a423a0e80e335ab79299515df7c99c0
SHA256

5d73e59cab9a352083f56a490a23b6d5521f27ef087053790d9284e7453cab41
SHA512

3bfcb4d87dd399b636a3a8d29361b34effd30d34ca1615371385ee0d1d957fec628e3e098ea89b5f51e1645454632bbebb08049fe6e517bf792b2b720306e9d1
SSDEEP

6144:GBdBdBdBdBrvM6hyNve918TawGAA89JHdlWi+gi8vFkikf8+Zu782uErMSMASGu0:gZ/+g+ykliR49CC77C8NkfuBMWLo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bdab37c204919e3ab94a57e127dff79_JaffaCakes118

Files

0bdab37c204919e3ab94a57e127dff79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

89018c3466d60d458a43d7e0b1eeb3e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetCurrentProcessId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExpandEnvironmentStringsW
LocalAlloc
LocalFree
MultiByteToWideChar
ProcessIdToSessionId
VirtualFree
WideCharToMultiByte
LoadLibraryA
LoadLibraryW
GetDriveTypeA
GetModuleHandleW
GetWindowsDirectoryW
VirtualAlloc

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA

shlwapi

StrCatW

msvcrt

_XcptFilter
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_stricmp
_wcsicmp
exit
printf
sprintf
strstr
wcscpy

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ