42875a2c0e2a28696b75918e45d8fe65_JaffaCakes118 | Triage

Sharing

General

Target

42875a2c0e2a28696b75918e45d8fe65_JaffaCakes118
Size

367KB
MD5

42875a2c0e2a28696b75918e45d8fe65
SHA1

ebec2df0aa9fbe8841590b980e5323de7ddf2eca
SHA256

a13f48efb9f6352e680a66a2394312ac135890b25ed8eef9568042e1b8216262
SHA512

c35a7b481633d83053d834a8b8c42123e0538b49039d5cc3cc48f436b39fa8ebdf080c9bb7d65388c0ab7fe9aff245b92a212a9c316dc863c4dd715cc68e1514
SSDEEP

6144:E0Yvsv/cHgmb5qsLEoJiNTwYeyicbytFc5VLhTAjBof0+wlESzEc7x:EnvgmQs6UpyDbyt4nT3f0+1gt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42875a2c0e2a28696b75918e45d8fe65_JaffaCakes118

Files

42875a2c0e2a28696b75918e45d8fe65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a46521a47ad75e115ca7b074493e36b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
LoadLibraryA
CommConfigDialogA
RtlUnwind
TlsFree
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
ConnectNamedPipe
HeapReAlloc
HeapAlloc
CreateMailslotA
GetSystemTimeAsFileTime
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
GetTickCount
SetEnvironmentVariableW
FillConsoleOutputCharacterA

comdlg32

PageSetupDlgA
ChooseColorW
PageSetupDlgW
ChooseFontW

user32

PostThreadMessageA
SetLastErrorEx
ToAsciiEx
ValidateRect
SetWindowContextHelpId
GetPriorityClipboardFormat
IsRectEmpty
IsCharAlphaA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ