19b924a83136962f80fbf9e8c717be0d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19b924a83136962f80fbf9e8c717be0d_JaffaCakes118
Size

216KB
MD5

19b924a83136962f80fbf9e8c717be0d
SHA1

ec9bdc6066e6ce9748f9db8e505ca0c4b07c8ffc
SHA256

49604add91f46d8840480a39ae40220f63bad7754bc437d5ce84205a9a1069fa
SHA512

33cac05414558b809e1a9f8accef6a28653a169ece5fd116a75db9eeb87bf8bc0495c7813302aa30b85edbe5de525090ab2c58001c52e64415443d76696beeb4
SSDEEP

3072:9RCKX7qFT8lAFAila+3W9bu9FcNVGBgjxkInNZ6duAl:GKXRAFAnIW9q9qN2gjx/2d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19b924a83136962f80fbf9e8c717be0d_JaffaCakes118

Files

19b924a83136962f80fbf9e8c717be0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc2fad093a33dc944782a9e32602d9d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
VirtualProtectEx
FindAtomA
GetCalendarInfoA
WriteFile
FindNextFileA
GetCurrentDirectoryA
CancelWaitableTimer
GetStartupInfoA
FreeLibrary
GetThreadTimes
GetProcessVersion
VirtualUnlock
RaiseException
ClearCommBreak
IsSystemResumeAutomatic
GetDriveTypeA
GetWindowsDirectoryA
Module32First
ExitProcess
DisconnectNamedPipe
GetComputerNameExA
VirtualAlloc
GetCurrentProcess
GetDevicePowerState
GetProcAddress

wininet

HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
FindNextUrlCacheEntryW
HttpSendRequestA
InternetOpenA
InternetOpenUrlA

Exports

Exports

Xfeqrqw
Qyqhcyegw

Sections

.rtext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 204KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ