09e86c23c9d99861998497522fe10022_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09e86c23c9d99861998497522fe10022_JaffaCakes118
Size

201KB
MD5

09e86c23c9d99861998497522fe10022
SHA1

9703ea2d3d07286eb4123b1faa08bd9747f8121c
SHA256

8d85e2abfb2b240f3073150f2e902aa4eeb8e28e8e5e7e2d369e63e444deb8e5
SHA512

74d06f234c72aacd7f3bc3a203491bd661550d94ff7ec0b5075e4c0a8b315ed26acdf15636010c7ce6a54bffb242ef89a846e499ce5d7b784b74f98b21399bd0
SSDEEP

3072:5KlSqZ6u8SOS55aMvq7XZTGyHWl9dKNGX7gDQtVE9nfL84/rOiQG8d:4l9Z6u8kg0gDQbEBfLv/61G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09e86c23c9d99861998497522fe10022_JaffaCakes118

Files

09e86c23c9d99861998497522fe10022_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3aa306cf918872f1b3e283e58000105c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
GetSystemMetrics
CharNextA
GetDesktopWindow

kernel32

GetModuleHandleA
GetUserDefaultLangID
lstrcmpA
CopyFileA
GetThreadLocale
GetDriveTypeA
GetCurrentThread
DeleteFileW
GetCommandLineW
GetCurrentProcessId
GlobalFindAtomW
VirtualAlloc
MulDiv
GetCommandLineA
LoadLibraryW
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
GetOEMCP
DeleteFileA
SetCurrentDirectoryA
Sleep
GlobalFindAtomA
GetConsoleOutputCP
GetTickCount
lstrlenA
SetLastError
RemoveDirectoryA
GetProcessHeap
lstrcmpiA
GetStartupInfoA
IsDebuggerPresent
lstrcmpiW
GetWindowsDirectoryA
GetCurrentProcess
lstrlenW
GetModuleHandleW
GetACP
GetVersion

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ