446288450127127b236b147dab415539_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

446288450127127b236b147dab415539_JaffaCakes118
Size

145KB
MD5

446288450127127b236b147dab415539
SHA1

be78fd15053b7a0baa0690734d4d2c0d4da4875c
SHA256

403f13a49fb6706d88ad106f569ba0ac8dd80dd7c27c9f3a591ee867e959df89
SHA512

988ef701f45f6c123b194e8df86a39b3e9e659984d9aa3875e5ede6c6d158b234d927649ff7f3d1292f19f99b62ba74457393184b320fa0f1b9ff40d0cbec314
SSDEEP

3072:W+WkGxybiDx+QjDNTG3XHSftcVWj18GCBeKRK9Fa4:mkpiDxN3N2X0t3j18GCBhREFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
446288450127127b236b147dab415539_JaffaCakes118

Files

446288450127127b236b147dab415539_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8efde3762591deb8516a7a444800801e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetBinaryTypeA
OpenMutexA
lstrcmpiA
GetCPInfo
WriteConsoleInputA
CreateDirectoryExW
CompareFileTime
GetProcessWorkingSetSize
GlobalUnlock
ExitProcess
FillConsoleOutputCharacterA
GetDiskFreeSpaceExA
HeapReAlloc
GetStringTypeExW
SetFileShortNameA
GetCommandLineW
GetDriveTypeA
IsBadCodePtr
GetDiskFreeSpaceA
GetModuleHandleW
SetErrorMode
VirtualAlloc
GetConsoleCP
IsBadStringPtrA
GetConsoleMode
GetStartupInfoW

winmm

timeBeginPeriod
timeKillEvent

ole32

CoTaskMemFree
CoGetMalloc
StringFromCLSID
ProgIDFromCLSID

rpcrt4

RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFromStringBindingA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 138KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ