371f84321a09807461c0051da19f0d69_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

371f84321a09807461c0051da19f0d69_JaffaCakes118
Size

129KB
MD5

371f84321a09807461c0051da19f0d69
SHA1

450c72f3ae420c86292580c13bad3153529f3ce8
SHA256

2cf32ead0a735a13fe6c7bf1129eda986c9e4a3957f9f76011ccecadc791862c
SHA512

0f2b72470f0ff4aeaee7b5d9523805a9a2a6dd7200e307a7ec0e28fa59c2afaaef73598b562607193a66e6f28974ff4f88a6a5b831e59ba51390b74cb6410eef
SSDEEP

3072:WMUD1/wEAMP9sQO48DNR9uxReOCe5GTOG1nS:WVOMPq74a37O35gn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
371f84321a09807461c0051da19f0d69_JaffaCakes118

Files

371f84321a09807461c0051da19f0d69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d281df764204380910697b24347b912

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
GetModuleHandleA
SetLastError
InterlockedExchange
GetVersionExA
SetFilePointer
Sleep
LeaveCriticalSection
GetLastError
GetEnvironmentVariableA
FindResourceExA
InterlockedCompareExchange
EnterCriticalSection
lstrlenW
GetCurrentThreadId
EnumResourceNamesW
CreateProcessA
FindResourceA
LoadResource
GetTickCount
ExitProcess
lstrcmpiA
RaiseException
TerminateProcess
SizeofResource
LockResource
QueryPerformanceCounter
WideCharToMultiByte
GetCurrentProcessId
lstrlenA
GetStartupInfoA
GetModuleFileNameA
GetCurrentProcess

shlwapi

PathAddBackslashW

user32

LoadStringW
LoadIconA
CharNextA
DestroyWindow
LoadImageA
MessageBoxW
UnregisterClassA
GetSystemMetrics
CharNextW

clusapi

CloseCluster

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ