18888fc029f9c16a74ddf0227e40692a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18888fc029f9c16a74ddf0227e40692a_JaffaCakes118
Size

188KB
MD5

18888fc029f9c16a74ddf0227e40692a
SHA1

209a8da7e5ddafcc30a7c8ead6b4169e3398d580
SHA256

9e32a547dd7e2ecde0e54696faf430b0de3228fc856374c699931bc165e5ab56
SHA512

cf366ad9b193e8ba6a3e1b7918383e4de3dfe28fbc8ce9a9c4cb561a2243ae1d2b9319c106572c6ce495b092827f0f3d12029a1c718e2e527cfd91d97beb8c42
SSDEEP

3072:j0keEiGgr0YJnwAHi196cv55Ci4TWacScuYwlinrWL:jReF0YKAYCi4DUwknK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18888fc029f9c16a74ddf0227e40692a_JaffaCakes118

Files

18888fc029f9c16a74ddf0227e40692a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e83475516dd5ea9edb55187aeb1f1873

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
CharNextA
GetSystemMetrics
GetDesktopWindow

kernel32

GetOEMCP
GetDriveTypeA
GlobalFindAtomW
lstrlenA
GetCommandLineW
lstrlenW
GetVersion
DeleteFileW
GetCurrentProcess
RemoveDirectoryA
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
DeleteFileA
lstrcmpiW
GetModuleHandleW
lstrcmpA
GetCurrentProcessId
GetUserDefaultLangID
GetCurrentThread
MulDiv
CopyFileA
IsDebuggerPresent
GetThreadLocale
VirtualAlloc
LoadLibraryW
GetConsoleOutputCP
GetProcessHeap
SetLastError
QueryPerformanceCounter
SetCurrentDirectoryA
GetStartupInfoA
GetTickCount
GetWindowsDirectoryA
Sleep
lstrcmpiA
GlobalFindAtomA
GetACP
GetLastError

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ