5b97adeb5261d65e8362ec926ea4d1a1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b97adeb5261d65e8362ec926ea4d1a1_JaffaCakes118
Size

189KB
MD5

5b97adeb5261d65e8362ec926ea4d1a1
SHA1

69ca84eb7f054d1678eb56bce9f5f4be53272984
SHA256

0d02a29e04dc6cb331f546c4279a19f28a491b4dfb0df030f2c5cbe0ca7dac4c
SHA512

1a9c454bee4ded403897a60fbc65ad910faea0f24ec9e7871cde3fbc6ac13cff81ef452a045c1c38cd573493b78aee52c79bca52e9fe06b090fc855e73a15533
SSDEEP

3072:yU2+v38pqTTdKpg49IB3Qcw+BGQzwSOow0TGgBTrVIbcJ18IO:y8Epqf6lWQ8TFGclIbcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b97adeb5261d65e8362ec926ea4d1a1_JaffaCakes118

Files

5b97adeb5261d65e8362ec926ea4d1a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3902ac4135d0bc13371ce607f7899a04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetACP
GetDriveTypeA
SetLastError
GetCurrentThread
GetCommandLineW
lstrlenA
Sleep
GetUserDefaultLangID
RemoveDirectoryA
GetTickCount
CopyFileA
MulDiv
lstrcmpA
GetCommandLineA
GetLastError
GetThreadLocale
GetCurrentProcess
GetCurrentProcessId
GetConsoleOutputCP
GetModuleHandleA
GetProcessHeap
GetVersion
QueryPerformanceCounter
DeleteFileW
GetCurrentThreadId
GlobalFindAtomW
GetStartupInfoA
SetCurrentDirectoryA
lstrcmpiW
IsDebuggerPresent
VirtualAlloc
LoadLibraryW
lstrlenW
DeleteFileA
GetWindowsDirectoryA
GlobalFindAtomA
GetOEMCP
lstrcmpiA

user32

GetDesktopWindow
CharNextA
GetSystemMetrics
GetDC

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ