5e320a85b36608d69e47a714f56063ff_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e320a85b36608d69e47a714f56063ff_JaffaCakes118
Size

186KB
MD5

5e320a85b36608d69e47a714f56063ff
SHA1

951073f10e73f1c08cddf6005e268a697d1f5869
SHA256

b683b8a7c9a4b967d37201f26f7acf1fa68d8c7c6d690e2bb6d0dcfa714da31c
SHA512

6b537af8f3031f6f1a54c3baf873192d830be7b8f962ef24cbcbe8dd8fd1b9c42aacf04a99dd07e1117da0043624df2315f5be56bb5915bc5b28f09d4dfc4ddf
SSDEEP

3072:EoJ5rEha941Ud666w+iZBuyh74LzPuNHUIjDJGp9waceR0g3wZJmK2njv6Yo:5W4ijp6BugNUIjDJGpCadR0g7K2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e320a85b36608d69e47a714f56063ff_JaffaCakes118

Files

5e320a85b36608d69e47a714f56063ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8be35a432fc49f1dfbe95521ea92eee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetPriorityClass
QueryPerformanceCounter
GetLocaleInfoA
UnhandledExceptionFilter
RaiseException
CreateProcessA
GetTempFileNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetThreadLocale
HeapFree
GetACP
HeapAlloc
MulDiv
TerminateProcess
EnumResourceTypesA
GetVersionExA
InterlockedCompareExchange
GetLocaleInfoW
GetPrivateProfileIntA
GetProcessHeap
VirtualProtect
GetCurrentProcess
GetStartupInfoA
GetCurrentProcessId
GetTempPathA
InterlockedExchange
GetSystemTimeAsFileTime
TlsFree

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoMarshalHresult
CLSIDFromString
CoInitialize
GetRunningObjectTable
CoCreateInstance
CoFreeUnusedLibraries
CoRevokeClassObject
StringFromGUID2
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemFree
CoUninitialize
StringFromCLSID
CoRegisterClassObject
CreateItemMoniker
CoTaskMemAlloc

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ