Static task: static1
Behavioral task: behavioral1
Sample: 00032c8c50a034e97a94d88168d68de1_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 00032c8c50a034e97a94d88168d68de1_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: 00032c8c50a034e97a94d88168d68de1_JaffaCakes118
Size: 274KB
MD5: 00032c8c50a034e97a94d88168d68de1
SHA1: 2804d72baf9c0b0a8404684956917377586e2dfd
SHA256: c778a6785714757ad794d7d380abb9a62df8a7370c3dcbaf3d83c9bbb9e45103
SHA512: e458ee5a7bbea4aff8f5d3a44be5a35058147180f4e79f9e105b40224794248fbc0046af9e06c34d6633090ecd949d59bd35bed2fd1849ea7e08c36eec7da239
SSDEEP: 6144:IttiHQSIk0Xbcgpb28ykB2+f0LfC9pRXBeZsK:IiwtnbZJ0LfCLD
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 00032c8c50a034e97a94d88168d68de1_JaffaCakes118
Files
00032c8c50a034e97a94d88168d68de1_JaffaCakes118.exe windows:5 windows x86 arch:x86
19e9b4c563669b0b49eeddc02c123e8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindAtomA
GetSystemTime
CloseHandle
WriteFile
GetTickCount
CreateFileA
GetLastError
GetLocalTime
GetVersion
lstrcatA
lstrcpynA
lstrlenA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GetTempPathA
WaitForSingleObject
CreateProcessA
lstrcpyA
GetTempFileNameA
lstrcmpA
ExitProcess
RtlUnwind
VirtualQuery
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
GetCaretPos
GetCursorPos
EqualRect
wsprintfA
IsWindowVisible
InflateRect
ClientToScreen
GetWindowRect
GetFocus
shlwapi
SHGetValueA
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 260KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE