104d62d7c8a6453e48a463234123475d_JaffaCakes118 | Triage

Sharing

General

Target

104d62d7c8a6453e48a463234123475d_JaffaCakes118
Size

204KB
MD5

104d62d7c8a6453e48a463234123475d
SHA1

e67ddad2339a89433fa21e844da4ca6664500e83
SHA256

7dddb3a9981dcc45eae40f9a032e342a3111c35004a5510434af53b0ccb3c6a7
SHA512

8edb75946ed98adfcb8330350cae62a7bcbbe0dca9f5830c080b7ffb2495ac420806fc4f1da29c427829a891239a6238ff21b806a320a5970058a4d23c905ac2
SSDEEP

3072:E7aMXqT8hopTIbQ/mWKyqkTZOdWJs05lCdT6lfM0/k4zLvuRhXV:QigWIcKyqkTAWt/cGzq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
104d62d7c8a6453e48a463234123475d_JaffaCakes118

Files

104d62d7c8a6453e48a463234123475d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d9b6c11c74e02442626d2918f22c6ecd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
CharNextA
GetDesktopWindow
GetSystemMetrics

kernel32

MulDiv
GetDriveTypeA
GlobalFindAtomW
SetCurrentDirectoryA
GetCurrentThreadId
GetModuleHandleA
RemoveDirectoryA
SetLastError
GetOEMCP
lstrlenA
GetCurrentProcess
GetThreadLocale
GetVersion
GetCurrentThread
GetConsoleOutputCP
Sleep
GetModuleHandleW
GetACP
GetLastError
QueryPerformanceCounter
GetProcessHeap
DeleteFileA
lstrlenW
lstrcmpA
lstrcmpiW
lstrcmpiA
GetCurrentProcessId
GetCommandLineW
CopyFileA
GlobalFindAtomA
GetCommandLineA
GetStartupInfoA
GetUserDefaultLangID
DeleteFileW
GetWindowsDirectoryA
GetTickCount
IsDebuggerPresent
VirtualAlloc
LoadLibraryW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ