168641a0ac39a23a959a34cccf1ab331_JaffaCakes118 | Triage

Sharing

General

Target

168641a0ac39a23a959a34cccf1ab331_JaffaCakes118
Size

297KB
MD5

168641a0ac39a23a959a34cccf1ab331
SHA1

806b260e1cf5bae1efe14505517c04bb718a090a
SHA256

1cb612fa5cf5809b75c106b02d4c7ac22478018d341692cd5edba4460e8f0fbc
SHA512

11b3456ce6cef760ad1389b578f65c1cfe1113fc4dafcd4bf1142346b57664f32dc8efe622df81d1403d29727a3695a350866d4c005544cc00a078d30d3f81f6
SSDEEP

6144:Kb88yd+T1Fl15AInsSjsBeD6mymYNX/7MJUNIPW2JMimig59rUgkb:y8bd+R13D6mINIJKKW2JYCgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
168641a0ac39a23a959a34cccf1ab331_JaffaCakes118

Files

168641a0ac39a23a959a34cccf1ab331_JaffaCakes118
.exe windows:4 windows x86 arch:x86

976794e383d9f996f84c674fb99d5149

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
lstrlenW
DeleteFileA
GetProcAddress
SetUnhandledExceptionFilter
GetTickCount
IsDebuggerPresent
UnhandledExceptionFilter
GetTimeZoneInformation
FreeLibrary
GlobalAlloc
LockResource
UnmapViewOfFile
LCMapStringW
GetLocaleInfoA
GetConsoleOutputCP
GetCurrentProcess
LocalFree
InterlockedExchange
GetStartupInfoA
GetCommandLineA
GetModuleHandleA
GetCurrentThreadId
GetVersion
GetCurrentThread
GetLastError
GetCurrentProcessId
ExitProcess
HeapAlloc
GetProcessHeap

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_strcmpi

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ