42fc0fedfb244395d0c683f6a6bd3528_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42fc0fedfb244395d0c683f6a6bd3528_JaffaCakes118
Size

422KB
MD5

42fc0fedfb244395d0c683f6a6bd3528
SHA1

c1e816316783f97ae383cf0b614a0dc8f0c2cbae
SHA256

abfe783e9a75fd3854b006fb6a11ef634704703c5a555538d318b978fa1e585f
SHA512

8635f4e0e7acf3918a7622517bea49f615dd498ce9e620d666cc4335de7225b26ce82b33e34c310d81010b9be3ca75fced0f95743359088af8a58fa007cd7c6e
SSDEEP

12288:BMxP35EO0pkBpBPnQK5015V961lAlXVNV+MCvngbCjvyv/Wb5QMr:nDp61qlFNVingOjqGFrr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42fc0fedfb244395d0c683f6a6bd3528_JaffaCakes118

Files

42fc0fedfb244395d0c683f6a6bd3528_JaffaCakes118
.exe windows:4 windows x86 arch:x86

87b9317b7eeebd57852289af376cd029

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
GetVolumeInformationW
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
CreateSemaphoreW
SetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
MoveFileA
GetEnvironmentVariableW
ExitProcess
InterlockedExchange
RtlUnwind
LoadResource
QueryPerformanceCounter
VirtualQuery
LoadLibraryA

user32

SetCaretBlinkTime
GetKBCodePage
CreateCursor
DrawFrame
ChangeClipboardChain
DragDetect
IsIconic
CharUpperBuffA
ChangeDisplaySettingsExW
CreateIconFromResource
EnumPropsA
CharNextExA
GetTabbedTextExtentW
CopyImage
VkKeyScanExA
TileWindows

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ