639bd427aea518b6f3b74f5696220089_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

639bd427aea518b6f3b74f5696220089_JaffaCakes118
Size

178KB
MD5

639bd427aea518b6f3b74f5696220089
SHA1

002573ff0be35ec91d109889ca80b771c664b8cf
SHA256

5999bcb4ff7d3961082d24f96ebed12ecb82ab7bfbdab210ee12304da07a1b6c
SHA512

48f5a6e87e0cdcae1a7a3007dde20dddd2a79ae65e93667df62e2935a09141ea077da14b3f4abba5cffcc73c8317dda29315def3da80f2480a66f18a8754dc1f
SSDEEP

3072:jMuPD3pjih58T+OBDFBoqqAtjxUpBBzEjCZI8Ox4L:jLPjpurpOBDBq3L+x4L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
639bd427aea518b6f3b74f5696220089_JaffaCakes118

Files

639bd427aea518b6f3b74f5696220089_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80cd0dc8ebf0bc6e2e76958b1e2fd1c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCalendarInfoW
OutputDebugStringW
GetFileInformationByHandle
lstrlenW
LocalAlloc
GetProcAddress
GetCurrentThreadId
InterlockedExchange
VirtualQuery
DuplicateHandle
LocalFree
lstrcmpiW
GetModuleHandleW
SearchPathW
EnumResourceNamesA
WideCharToMultiByte
GetProcessId
OutputDebugStringA
GetModuleFileNameW
InitializeCriticalSection
SetEnvironmentVariableW
GetCurrentProcess
MultiByteToWideChar
CreateDirectoryW
GetCurrentDirectoryW
SetLastError
GetLastError
GetFileAttributesW
GetModuleHandleA
FreeLibrary
VirtualProtect
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

shlwapi

PathSkipRootW
PathIsUNCW
StrDupW
PathGetArgsW
SHRegGetValueW
PathFindFileNameW

ole32

CoGetDefaultContext
CoInitialize
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ