079c8aa8f21552c90fb7d3a06bd913b4_JaffaCakes118 | Triage

Sharing

General

Target

079c8aa8f21552c90fb7d3a06bd913b4_JaffaCakes118
Size

196KB
MD5

079c8aa8f21552c90fb7d3a06bd913b4
SHA1

35c0b33371345448a30ba6fa0442dbb15ce2c567
SHA256

81a16ffe58302f80f13ead502f656fca60fac68fc7dcc6dd523b1e763fddd36b
SHA512

e536db7cb2a4f300e6d206829f50839a43b867eef8a402330980f0357978009e3f6a9048f0703bc232fbbece1677595288ec2b1a706fe08e62f6b8d1153660e1
SSDEEP

3072:4gUEWVYnprr0dN4ClwtRoU2xqQt4p0cLMLmnvsWLvPFZWurIOQ:XnW5NeJJBLMqUWDFMQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
079c8aa8f21552c90fb7d3a06bd913b4_JaffaCakes118

Files

079c8aa8f21552c90fb7d3a06bd913b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c0ff0290d1188a685a552dafdb74c06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
lstrcmpiW
GetModuleHandleW
GetProcessHeap
lstrcmpiA
GetCurrentThreadId
GetVersion
Sleep
GetStartupInfoA
GetOEMCP
GlobalFindAtomW
GetModuleHandleA
LoadLibraryW
DeleteFileA
GetUserDefaultLangID
IsDebuggerPresent
GetThreadLocale
GetWindowsDirectoryA
GlobalFindAtomA
GetCurrentThread
lstrlenA
GetACP
DeleteFileW
GetCurrentProcess
SetLastError
GetTickCount
GetCommandLineA
lstrcmpA
GetDriveTypeA
lstrlenW
GetCommandLineW
GetConsoleOutputCP
GetLastError
VirtualAlloc
QueryPerformanceCounter
RemoveDirectoryA
SetCurrentDirectoryA
MulDiv
CopyFileA

user32

CharNextA
GetSystemMetrics
GetDC
GetDesktopWindow

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ