397ad030564aba2e1d0db1d8513de362_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

397ad030564aba2e1d0db1d8513de362_JaffaCakes118
Size

200KB
MD5

397ad030564aba2e1d0db1d8513de362
SHA1

3cca648a3c3ba937e72a852f264b63fb4cd02177
SHA256

d33b888a993433cb7b7e59263d36dc50b36e8eb49497746c41670016e1ef5b59
SHA512

9f10bf80426450685ca29b29387f162402092c362f806f612959497e5ad01c00b7aaecdbaae4d2ece27253e4f63015a256ef813d4b912373130a0740a4b5cda8
SSDEEP

3072:rxi09iWOlJk4jTirP7L3s4x1oztG6j2sY+CyRV5QrIymu7wDCLJOXrjGHUyK:rxXEx9Es4x1ozk66eJFuJOXrjGHU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397ad030564aba2e1d0db1d8513de362_JaffaCakes118

Files

397ad030564aba2e1d0db1d8513de362_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e5c46cbc9dba1d0b1d38c2cea43cbef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
OpenProcess
SetMessageWaitingIndicator
EnumSystemLanguageGroupsA
InterlockedExchange
GetFullPathNameA
ExpandEnvironmentStringsA
TerminateThread
HeapDestroy
IsValidCodePage
EnumTimeFormatsA
FlushConsoleInputBuffer
MoveFileWithProgressA
GlobalUnlock
DeviceIoControl
SetFilePointer
RemoveDirectoryA
SetSystemTime
GetPriorityClass
LZCopy
VirtualAlloc
GetConsoleCursorMode
GetDllDirectoryA
GetSystemTime
RaiseException

wininet

InternetOpenW
InternetConnectA
HttpOpenRequestA
InternetReadFile
HttpSendRequestA
HttpQueryInfoA
InternetSetOptionW

Sections

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 164KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ