35e25bcd234d7b2b0122766d78acd01a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35e25bcd234d7b2b0122766d78acd01a_JaffaCakes118
Size

197KB
MD5

35e25bcd234d7b2b0122766d78acd01a
SHA1

a10e856eebb2b2b551365dede4098d52bec5c158
SHA256

c209b097648b387a01494e7934c0e08e0751a4289631239466ef087b64735988
SHA512

796d35853311f3d1d4e628f0388d793f0b637402caf45bb43640e2fccebb4ae5e2b4ee4587b4c170747888f04e27584f6859656f0b19719313324232a91f17a8
SSDEEP

3072:Qhi1Rt5h9udy56POVRIcItRCKO2ODLIXySoCn2wX:i6VgvXjtRdO2ODLICSoc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35e25bcd234d7b2b0122766d78acd01a_JaffaCakes118

Files

35e25bcd234d7b2b0122766d78acd01a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

187ce108de00678d6fe06fb513f1d038

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetCommandLineA
GetThreadLocale
GetCurrentThread
GlobalFindAtomW
GetConsoleOutputCP
GetTickCount
GetCurrentProcess
GetVersion
GetDriveTypeA
GetProcessHeap
GetLastError
lstrcmpA
GlobalFindAtomA
GetOEMCP
GetWindowsDirectoryA
GetModuleHandleA
MulDiv
QueryPerformanceCounter
GetCommandLineW
GetStartupInfoA
GetModuleHandleW
SetCurrentDirectoryA
lstrlenW
GetCurrentThreadId
RemoveDirectoryA
CopyFileA
lstrcmpiA
GetUserDefaultLangID
Sleep
GetACP
LoadLibraryW
lstrlenA
GetCurrentProcessId
DeleteFileW
DeleteFileA
IsDebuggerPresent
VirtualAlloc
lstrcmpiW

user32

CharNextA
GetDC
GetSystemMetrics
GetDesktopWindow

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE