64c3196a2e0494081480ac157ef7af7e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64c3196a2e0494081480ac157ef7af7e_JaffaCakes118
Size

189KB
MD5

64c3196a2e0494081480ac157ef7af7e
SHA1

cfeb07293e8bc35b158a80826504ca3e7c825b99
SHA256

6d1827a1d1f024708391b48bdd374e545a36e46e923f4558d1d6a361d70fc3d3
SHA512

af33e2ec5f0948ef6395315aa10608c4d38a3880d9f6abbfe7058bf4e34e580197cabcb955986dbb50ed79452d2c39cd5c66ff7a4fe784b7521c4eba52cdffbd
SSDEEP

3072:wNs25xpWvMx2VtpB89lnTq7miQCr78Hs/AAPHXucP8enRK+wv7a+JYDKFOSk5u:+RWvMxBBu7mbCr4HWHXucPRK+wv7eJu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64c3196a2e0494081480ac157ef7af7e_JaffaCakes118

Files

64c3196a2e0494081480ac157ef7af7e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

053b82997bfd8a05081e737aef8508a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByte
FormatMessageA
QueryMemoryResourceNotification
InterlockedIncrement
CreateThread
TerminateThread
LocalFree
EnterCriticalSection
SetEvent
LeaveCriticalSection
InterlockedDecrement
LoadResource
GetModuleHandleA
GetComputerNameA
GetModuleFileNameA
FindResourceA
EnumResourceTypesW
SizeofResource
GetPrivateProfileStringA
lstrcpynA
GetCurrentThread
WaitForSingleObject
CreateEventA
lstrcatA
GetCurrentThreadId
GetCurrentProcess
GetFileAttributesA
lstrcpyA
LoadLibraryA
HeapAlloc

oleacc

CreateStdAccessibleObject

winmm

timeGetTime
timeSetEvent

ole32

CoMarshalHresult
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ