49425835defc63e498a7509d0109f9de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49425835defc63e498a7509d0109f9de_JaffaCakes118
Size

96KB
MD5

49425835defc63e498a7509d0109f9de
SHA1

b1b48aa1cbe96690a127979dfdc0970373484b73
SHA256

5a681d05e940876760436ccecf49fcccc84275e41ee75e777cdf2c8ef8114608
SHA512

5e2ef163283a9db3c679a837045faa234ee68c9d86d705f4f1ee85f24af64bdaf50a8901ce3d1bd7d84066388cf2e945c51b2cf095f047b41f1efd7593fbff7f
SSDEEP

1536:xsnIaCftED+V44/rv6fE80ggXaIv98k8fFoC9u5DTes3TqarC+Ea:xAIf9Fr6f9XIvUSC4TV++v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49425835defc63e498a7509d0109f9de_JaffaCakes118

Files

49425835defc63e498a7509d0109f9de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc553c2895167419dafa0cabf039b90a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
GetDevicePowerState
GetProcessIoCounters
UnregisterConsoleIME
GetConsoleAliasesLengthA
RtlFillMemory
GetDefaultCommConfigA
SizeofResource
GetStartupInfoA
SetThreadExecutionState
Toolhelp32ReadProcessMemory
GetDriveTypeA
SetLocaleInfoA
FlushConsoleInputBuffer
GetCommandLineA
GetStartupInfoA
ExitProcess
QueryPerformanceFrequency
ExpandEnvironmentStringsA
BackupRead
HeapReAlloc
BackupSeek
WriteFileGather
AddConsoleAliasA
GetVersion
SetEnvironmentVariableA
GetFullPathNameA
SetNamedPipeHandleState
NlsGetCacheUpdateCount
GlobalUnWire

Sections

.itext
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WEIJUNLI
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA