280bf5aa872669777e3a0acc42a96b39_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

280bf5aa872669777e3a0acc42a96b39_JaffaCakes118
Size

32KB
MD5

280bf5aa872669777e3a0acc42a96b39
SHA1

4ab9ed2f9640b6370f7a7cd1461979183bdbd240
SHA256

8fbf9b3eb17ba252bd904f9ffe56e9c6c708fc410aca3437d21a58928b2df0f0
SHA512

88e5920ea7d7dd8464169fb8a1caf308ca4e085a2268fc6a6bffb334f170d05ed26be44b5f2176112d5b3661861bec32144f4ef1b39338f8587a02a893e8d092
SSDEEP

384:JPwu6z1v/WPQRPTRYhbL2I7rA/owxJj5hW4P:J4Rz5ePUlQ32WrA/ow3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
280bf5aa872669777e3a0acc42a96b39_JaffaCakes118

Files

280bf5aa872669777e3a0acc42a96b39_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eafccd23d458f101cf1994b8a3e797bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualQuery
EnterCriticalSection
GetCurrentProcess
GetLastError
CloseHandle
GetWindowsDirectoryA
FormatMessageA
lstrcpyA
UnmapViewOfFile
VirtualFree
VirtualProtect
GetCurrentProcessId
QueryPerformanceCounter
HeapSize
HeapAlloc
VirtualAlloc
CreateFileA
MapViewOfFile
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
CreateFileMappingA
InterlockedExchange
GetProcessHeap
HeapCreate
HeapReAlloc
LeaveCriticalSection
ReadFile
GetModuleHandleA
ExitProcess
LocalFree

user32

wsprintfA
MessageBoxA
GetSystemMetrics

oleaut32

VariantInit
VariantChangeType
VarUI4FromStr
VariantClear
VariantCopy

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ