62be488e6be055e1716578cecb224347_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62be488e6be055e1716578cecb224347_JaffaCakes118
Size

209KB
MD5

62be488e6be055e1716578cecb224347
SHA1

169762ef181cd547472bdd5b7551f188ec69ca01
SHA256

4db6767798cd07862dfa25b84ea9bc7483bebbafa5596e0ce77fb292fce84e1e
SHA512

37ecc7b1d98e000496a8ae076497a65494046efbdad29187ded8f692c86cab8c9314caede387cef8957d70b7300b6c24449c09ce2d396134fa08ca2a454cb170
SSDEEP

3072:qAabdO+R+EXRraCoOBF8IhWFKY3owi/cDuERoLEJTcckWYK2AWT+BoH4DQlyN:qAkO+rBRjUFKomFEuCJkWb2Fq0lyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62be488e6be055e1716578cecb224347_JaffaCakes118

Files

62be488e6be055e1716578cecb224347_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ebd0478dfaeaf5f768292e5ef83e466e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
VirtualProtect
SuspendThread
lstrlenA
LocalSize
GetModuleHandleA
GetConsoleCP
GetStdHandle
GetAtomNameA
CompareFileTime
GetSystemDefaultLangID
HeapCreate
WaitForSingleObject
GlobalUnlock
GetVersion
HeapReAlloc
GetCommandLineA
CloseHandle
InterlockedExchange
LoadLibraryExA
GetTickCount

gdi32

GetStringBitmapA
FloodFill
Escape
GetTextColor
GdiFlush
CreateICA
BeginPath
EqualRgn
GetMetaRgn
DeleteDC
CreatePalette
GetFontData
EngLineTo
Ellipse
GetRgnBox
DeleteObject
EndPath
GetMetaFileA
CreateFontA
AbortPath

winmm

PlaySoundA
auxSetVolume
CloseDriver
OpenDriver
auxGetVolume

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ