1c5e79f5f4caab5f5c9a69ab91d478b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c5e79f5f4caab5f5c9a69ab91d478b2_JaffaCakes118
Size

86KB
MD5

1c5e79f5f4caab5f5c9a69ab91d478b2
SHA1

428d52728c29ec557f1e4df282ab76af70230823
SHA256

da981178f0a41144043dd4520814e5c49d12396c546dc29a425ca41ff29e09f4
SHA512

e5f71c7a4f59f08f9111b3d7e8f622b3ed61db7a629beaaa601070409d1585630bc96fa73c2399966634eb5a48a5e75cf25b699688a291f243f64728a2b4d2ea
SSDEEP

1536:7g+Ohsl7i2uGSuoWi9VVBwwbDHjM5EeK8l4JvW8RPkSi/CEKCHP:FOh279uR5p9VVvjqxjAW8RtECEJH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5e79f5f4caab5f5c9a69ab91d478b2_JaffaCakes118

Files

1c5e79f5f4caab5f5c9a69ab91d478b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9065e383e4b70e9e3aefc3a558d2a6bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
EnterCriticalSection
InterlockedExchange
QueryPerformanceCounter
LeaveCriticalSection
GetModuleHandleA
HeapAlloc
CreateEventW
LocalFree
HeapFree
GetModuleFileNameA
GetModuleFileNameW
InterlockedCompareExchange
LoadLibraryA
GetCurrentProcessId
GetModuleHandleW
DisableThreadLibraryCalls
InitializeCriticalSection
InterlockedIncrement
GetSystemTimeAsFileTime
VirtualAlloc
lstrcmpiW
lstrlenW
MultiByteToWideChar
LoadLibraryW

user32

LoadIconW
BeginPaint
InvalidateRect
PeekMessageW
DispatchMessageW
GetClientRect
PostQuitMessage
SetCursor
IsWindow

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ