671f46837466a22181b054e8e9411058_JaffaCakes118 | Triage

Sharing

General

Target

671f46837466a22181b054e8e9411058_JaffaCakes118
Size

183KB
MD5

671f46837466a22181b054e8e9411058
SHA1

8d7c26f59bbfb355adfd8ae935cf4f52ca82ba50
SHA256

901108109ae57fbdb2dea28130882ca6869c388bff1f2b9a024af11930bc44ef
SHA512

72438423d85fbf230b2a894fb95660338ae545bef04251e703b0a89949430bd4b5a47bed226cb858d288de1aadfb5693104b2a63f3dea87a4c881a1d3eaf4161
SSDEEP

3072:WL8BtK7qnmabPsT0GCBto4gDLsQqWdW36er2TtAeU:PA2nBb51gcQqWds6+2Tu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
671f46837466a22181b054e8e9411058_JaffaCakes118

Files

671f46837466a22181b054e8e9411058_JaffaCakes118
.exe windows:1 windows x86 arch:x86

57aee9bacf935117215dbc5a9aee2cc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__commode
_mbctype
_controlfp
memcpy
_lrotr
exit
__getmainargs
_wfsopen
_exit
puts
_dup
_wsplitpath
_except_handler3
islower
iswspace
_toupper
_XcptFilter
_acmdln
_seterrormode
wcscpy
_initterm
_futime64
__setusermatherr
_adjust_fdiv
_getpid
__p__fmode

kernel32

HeapReAlloc
GetModuleHandleA
WaitForSingleObject
HeapAlloc
GetSystemTimeAsFileTime
Module32Next
CreateThread
MulDiv
ExitProcess
GetStringTypeW
DeleteCriticalSection
GetTickCount
ReadFile
GetTimeFormatA
lstrcatA
GetEnvironmentStringsW
HeapCreate
GetEnvironmentStrings
GetStartupInfoA
IsBadStringPtrA
SetErrorMode

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ