65b1c96dcec5da46944e2c7db5a9e7a1_JaffaCakes118 | Triage

Sharing

General

Target

65b1c96dcec5da46944e2c7db5a9e7a1_JaffaCakes118
Size

133KB
MD5

65b1c96dcec5da46944e2c7db5a9e7a1
SHA1

338bee1875a2f1430c49b144a8a96ab05b86318f
SHA256

87378a0bdce3596cb49d00e22c4d852fd16678ef6e82c86b80b0e029b794dcb3
SHA512

102443ecb9162a7a56f18298c269706d7d2e68b8c64b8963d7d3200984e790abceeb28f17ffa93262aebc6d913c000faaa122ecc4971f0a43f78542599e86462
SSDEEP

3072:U+wroWuL4mT5Oo5w9VWbSDK6lUtOJFLJsNh1:U+ZZL44JuDKrtOLFy1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65b1c96dcec5da46944e2c7db5a9e7a1_JaffaCakes118

Files

65b1c96dcec5da46944e2c7db5a9e7a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d743740d4412d060735fdd3c6f0d723b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\develop\global\Release\bin\acad\dumpshx.pdb

Imports

mfc80u

ord1198
ord293
ord577
ord764
ord1079

msvcr80

_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_XcptFilter
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_exit
_cexit
__wgetmainargs
_amsg_exit
exit
__iob_func
_encode_pointer

kernel32

UnhandledExceptionFilter
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE