617a0503a826d0822ac20a0a907cffb1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

617a0503a826d0822ac20a0a907cffb1_JaffaCakes118
Size

198KB
MD5

617a0503a826d0822ac20a0a907cffb1
SHA1

d3d05a31716385fc38d6635340ea9df91258b7f0
SHA256

792644a23b88d578ce64aeedbf28002fd51017798596fb1433209647ccb0925b
SHA512

9feb35d2541f55c5b84a7649fc12bd9251e20bc3cb0a5c71892106878275ee1418496e8145f0a346f39c60f7e038a0feb893cdf98e719fa90af7141d15a90630
SSDEEP

3072:sR/xayQOtJLEbyt2zLR38mUAahG3uOCugq/3d492q4A+FnE:w0vEY6hG31f/l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
617a0503a826d0822ac20a0a907cffb1_JaffaCakes118

Files

617a0503a826d0822ac20a0a907cffb1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

937fb34ccbfed3592fa2c43576900f10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextA
GetSystemMetrics
GetDC
GetDesktopWindow

kernel32

GetModuleHandleW
lstrlenW
GetThreadLocale
GetCommandLineW
GetVersion
GetTickCount
GetCurrentProcess
VirtualAlloc
IsDebuggerPresent
LoadLibraryW
MulDiv
lstrcmpA
GetOEMCP
GetWindowsDirectoryA
GetStartupInfoA
GetModuleHandleA
SetLastError
CopyFileA
lstrcmpiW
lstrcmpiA
QueryPerformanceCounter
GetProcessHeap
lstrlenA
GlobalFindAtomA
GetDriveTypeA
GetCurrentProcessId
GetUserDefaultLangID
GetCurrentThreadId
GetCommandLineA
GlobalFindAtomW
RemoveDirectoryA
GetACP
DeleteFileA
GetConsoleOutputCP
GetCurrentThread
Sleep
DeleteFileW
GetLastError
SetCurrentDirectoryA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ