619d6203282ceb56825627d2dc706151_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

619d6203282ceb56825627d2dc706151_JaffaCakes118
Size

225KB
MD5

619d6203282ceb56825627d2dc706151
SHA1

6f4455c5c01d9d751ffcc95fb0054e8e7c1c5490
SHA256

d6b2311cb7a9eb784e8840b3ed4e7329bbed2414204858d45797451c00cf8067
SHA512

19b327e8f8e6b4ed6feb8b81f828a8ff448cbf95cc70bc41e8914c0076656bbb3faaf1634046f049a4c246c741dbcbfc0e18dfd98d50ecf14f492f32eb8a844c
SSDEEP

6144:BUCVYB9APUQ5U9Q7xhfmCQLotRkrcB1/VnQ:BUdB9cUQ5uQDfm1Lot2ob/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
619d6203282ceb56825627d2dc706151_JaffaCakes118

Files

619d6203282ceb56825627d2dc706151_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cbb276204730cb3a74d64e5425462186

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

BackupSeek
CompareFileTime
EnumSystemLocalesW
ExitProcess
GetTempPathW
IsDBCSLeadByte
QueryPerformanceFrequency
RtlMoveMemory
SetThreadIdealProcessor

user32

CallMsgFilterA
DestroyIcon
GetMessageTime
LoadImageA
RegisterDeviceNotificationW
RemovePropW
SendMessageTimeoutW
SendMessageW
SwitchToThisWindow
TranslateAccelerator

gdi32

AngleArc
DeleteDC
DescribePixelFormat
ExcludeClipRect
GetCharacterPlacementW
GetTextExtentPointW
GetTextFaceA
InvertRgn
PtVisible
SelectClipRgn
SetGraphicsMode
SetICMProfileW

Sections

.text
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ