497037865c5e2468023ba0ba29ea8269_JaffaCakes118 | Triage

Sharing

General

Target

497037865c5e2468023ba0ba29ea8269_JaffaCakes118
Size

372KB
MD5

497037865c5e2468023ba0ba29ea8269
SHA1

abedcb1cb3cc1510e3451c0493c1473a0fcb5058
SHA256

e2a634c75b035746585df9a52c43d50803ca79bfe310d726b0b5bad8020c88a9
SHA512

7ab9f577912ac6612b137b220882cd8aaaab081e20af9a8c42a49bbe40d89fbf7c35699c590da11754ac09cec4e0c979ea2e457745ee1c52ff1549e4e4df5eaf
SSDEEP

6144:GJEE/fR0GxeM5C9uAfTSGinrlPHgMPD0z3xyPvf14:fafiGxP8cS5inrlvnPD0TYv14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
497037865c5e2468023ba0ba29ea8269_JaffaCakes118

Files

497037865c5e2468023ba0ba29ea8269_JaffaCakes118
.exe windows:4 windows x86 arch:x86

006ebfb28f53ee764122c32ad14f395c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetSystemTime
SetEvent
OpenFileMappingA
GetEnvironmentStrings
VirtualFree
IsBadCodePtr
TlsGetValue
GetModuleHandleA
DeleteTimerQueue
GetProcAddress
ExitProcess
Sleep
GetLastError
VirtualFreeEx

user32

LoadAcceleratorsA
UpdateWindow
BeginPaint

gdi32

FloodFill
PatBlt

advapi32

CopySid
AddAce

ole32

CoUninitialize

msvfw32

DrawDibStop
DrawDibClose

avifil32

AVIStreamCreate

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ