49b13ff0b3065f20581d0460be98aa80_JaffaCakes118 | Triage

Sharing

General

Target

49b13ff0b3065f20581d0460be98aa80_JaffaCakes118
Size

44KB
MD5

49b13ff0b3065f20581d0460be98aa80
SHA1

8be473b4c8c71251a8b464ce8e0e18f5854944b1
SHA256

4ecde217cc5f362e2413f5fed1123f71845f670db2642214694931611eb6100b
SHA512

2d96b22a37fc331392f053137185490313641c65b39a73dec0ebfabab2731ac90c31238a4ea40c3d4cb2672c2352e6ffac1458064221349294183e02a6b27c1a
SSDEEP

768:4GqKmDpiyl9jMPFgt5+wgjIDl8SG0YTE0:4GqK+piyl9j8S5lXlVG0YT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49b13ff0b3065f20581d0460be98aa80_JaffaCakes118

Files

49b13ff0b3065f20581d0460be98aa80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

64c9eb904b4db45326f6675c400eae59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ExitProcess
LoadLibraryA
GetLastError
GetProcAddress
GetModuleHandleA
GetTickCount
GetCurrentProcess
GetModuleFileNameA
GetVersionExA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
InterlockedExchange
HeapSize

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ