66238c27e796cfd68914b45769c08892_JaffaCakes118 | Triage

Sharing

General

Target

66238c27e796cfd68914b45769c08892_JaffaCakes118
Size

365KB
MD5

66238c27e796cfd68914b45769c08892
SHA1

5476486a4970df0f03168836fab01ee9ab3ed995
SHA256

09e362f2e4ef0a31584ff7b118d22573ac21b6b55a3d285bbdb9640304e258b4
SHA512

6ba08a8957c8d4b44b7a5574c86b6ef86efea0fd798618199ddb2e0c8d1993a98dc5f2f876a4ae3ce7119da8acbd5e0b84c070de9e4bf60938453ae6a59e127b
SSDEEP

6144:yMyClEcD2+oba6NN7JgK2RUr1GiXCvn1lHvhwRNv0rphKCmX1SJHjf:yM5ld6ba6NN7eKmUpLu15S0rmPXEl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66238c27e796cfd68914b45769c08892_JaffaCakes118

Files

66238c27e796cfd68914b45769c08892_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef19e8fc588b08d5349f6a942690cbd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
SleepEx
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
FindAtomA
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
OpenProcess
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
HeapLock
SetTimeZoneInformation
FindClose
InterlockedExchange
RtlUnwind
SetConsoleCP
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
GlobalGetAtomNameW
GlobalCompact
LocalCompact
CreateDirectoryA
ExitProcess
GetTickCount
VirtualQueryEx

gdi32

GetOutlineTextMetricsW
LineTo
RoundRect
SetViewportOrgEx
GetCharABCWidthsA
GetObjectA
GetCharacterPlacementW
BitBlt
UpdateICMRegKeyA
RealizePalette
GetTextMetricsW
UnrealizeObject
CreateMetaFileW
DeviceCapabilitiesExA
FlattenPath
CreateEllipticRgn
GetCharABCWidthsW
GdiGetBatchLimit
StartPage
EnableEUDC

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ