62a3005cdc4f16dcb3b48842b7580b16_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62a3005cdc4f16dcb3b48842b7580b16_JaffaCakes118
Size

162KB
MD5

62a3005cdc4f16dcb3b48842b7580b16
SHA1

8825c48b6b411f5bfd9f7e46c5bdbb6b2bd65a28
SHA256

03b959543ba0feef24625fa4f313f74f543a944a3cb78d42fc17661b977e0b7a
SHA512

d041d04d613eb89c4b486fb81cd3098e22cd03dbe0a54a0ef03801b4f7724275e22404a833496d34f54bc0ac3a54fb344a91169835cf7dc076cd9ec3387d9443
SSDEEP

3072:EDgACJhyOY1mpJDJ2ZAFGsveRilUCAdx6EE+8SEJJa:E0X9ouD09sGE+CAd/XELa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62a3005cdc4f16dcb3b48842b7580b16_JaffaCakes118

Files

62a3005cdc4f16dcb3b48842b7580b16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab6badbb5b7d50f9c0d071e993f4ea9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CloseCluster

comctl32

InitCommonControlsEx

kernel32

QueryPerformanceCounter
ReplaceFileW
GetCurrentProcessId
TerminateProcess
InterlockedCompareExchange
IsDebuggerPresent
GetProcessId
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
EnumResourceTypesA
UnhandledExceptionFilter
ExitProcess
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess

shell32

ShellExecuteW

user32

EnumDisplaySettingsW

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ