45f7d6f6dc6f8fae05901db02b40baca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45f7d6f6dc6f8fae05901db02b40baca_JaffaCakes118
Size

144KB
MD5

45f7d6f6dc6f8fae05901db02b40baca
SHA1

a01fa6a70373aefafe6d237c7ff0b3badf4f3b84
SHA256

0076ac54b56f9b7186c709c06a5df585226bbd112e76c555da1ea21ebbd06343
SHA512

4a2a35498c29157ada4bb7ee827621ae4a4f065284b6da5f20907e5989653c683a77b9cb602a55cb193dfe30871b21c19b0761a973521c9403cac9a74de00d75
SSDEEP

3072:1WZ65jV6Exqct3+I/WtHXedJ5CbSxOtkwTIzbx4L1f6rjGz0d:Qs5jV6EII/WJykbCO9I/ayez0d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45f7d6f6dc6f8fae05901db02b40baca_JaffaCakes118

Files

45f7d6f6dc6f8fae05901db02b40baca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6b84610d595fea9c0a5e7cd16512087

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
DeleteTimerQueueEx
SetLocalTime
HeapFree
_hread
BackupWrite
GetLocaleInfoA
GetLogicalDrives
WaitCommEvent
GetModuleHandleA
UnregisterWaitEx
EnumSystemLocalesW
GetExitCodeProcess
GetStartupInfoA
LoadLibraryExW

msvcrt

_mbsnbicmp
_controlfp
__setusermatherr
__set_app_type
_setmbcp
signal
_mbcjmstojis
_except_handler3
_mbstrlen
exit
__getmainargs
__p__fmode
_initterm
_acmdln
_adjust_fdiv
_XcptFilter
_vsnprintf
__p__commode
_wmakepath
_exit

user32

NotifyWinEvent
CreateWindowExW
EnumDesktopWindows
EndTask
IsCharUpperA
DrawTextExA

gdi32

SetRectRgn
SetFontEnumeration
CreateFontIndirectExW

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ