63be5fd0ac1a150e13ff36f68f26ce5f_JaffaCakes118 | Triage

Sharing

General

Target

63be5fd0ac1a150e13ff36f68f26ce5f_JaffaCakes118
Size

491KB
MD5

63be5fd0ac1a150e13ff36f68f26ce5f
SHA1

e91d5ae26328fb92e5f388b60827e326da744d59
SHA256

1583549d19653a42d0dcb05def154415821756c0129f6d8d37c2f291007b4fac
SHA512

20093de6508c0ec9298603e01c243d05716e29600042985f403c020c4937710c303cf276dd4f58baa293124ad08090900c9db7d674306e9de4558e46f878f5e0
SSDEEP

12288:KJJuKNSWq7GDc1xurKYiQQig276T/eCUD35BGi:KJNIWqqDjZQi/74et

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63be5fd0ac1a150e13ff36f68f26ce5f_JaffaCakes118

Files

63be5fd0ac1a150e13ff36f68f26ce5f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0215cf274fba3e9e787e4834e52a98ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
DeviceIoControl
ExitProcess
GetCurrentThreadId
GetWindowsDirectoryA
HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
OpenThread
RtlZeroMemory
GetModuleHandleA
HeapFree
MoveFileExA
Sleep
WaitForMultipleObjects
GetProcessHeap
CloseHandle
GetProcAddress
CreateFileA
EnterCriticalSection
GetModuleFileNameA
GetTickCount
GetDevicePowerState
EnumLanguageGroupLocalesW
CheckRemoteDebuggerPresent
CommConfigDialogA
GetConsoleInputExeNameW
SetSystemTime

msvcrt

_fileinfo
__p__wpgmptr
_fmode
_cwprintf

shell32

SHDoDragDrop
ILCloneFirst

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ