3b2d31402933551602b8113f9109aeb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b2d31402933551602b8113f9109aeb8_JaffaCakes118
Size

364KB
MD5

3b2d31402933551602b8113f9109aeb8
SHA1

e6a15c4a092dc33017d58d92fb76603b19686ba3
SHA256

3f23bd96d7a872e0c04dca69ea10a3d4430b4e3f0c5b48b02e2c32045e74d68a
SHA512

235cac2f960096c7018de35ad50b6159b6db3a0e9df9c7eff9e94327963983d1b08a2f13324bf9f4cbba0edd2131eabb632a30909e2eddebea8ae63a300ac7c8
SSDEEP

6144:zOA+Yx4Ki3EmEA5M4Oo9bKBZAcx3rEz5vLqb4yXgn/e6/HfNY:zt+Oy0m364eBZ1rERNy6GU/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b2d31402933551602b8113f9109aeb8_JaffaCakes118

Files

3b2d31402933551602b8113f9109aeb8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6edf7ff4bdf1b91ae4e45443ab4f881c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
SetThreadIdealProcessor
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
LoadLibraryA
FlushViewOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
ReadConsoleW
DebugActiveProcess
ExitProcess
InterlockedExchange
RtlUnwind
VirtualQuery
QueryPerformanceCounter

gdi32

SetICMProfileW
DPtoLP
PolyBezier
SetMetaRgn
GetICMProfileW
ChoosePixelFormat
ExtCreateRegion
GetMetaFileA
FillPath
GetGraphicsMode
OffsetWindowOrgEx
Arc
CreateColorSpaceA
AddFontResourceA
GetOutlineTextMetricsW
ResetDCA
FlattenPath
StartDocW
GetMetaFileBitsEx
ExtSelectClipRgn

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ