699c22c0da66d276e2f3cfccdefd2912_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

699c22c0da66d276e2f3cfccdefd2912_JaffaCakes118
Size

193KB
MD5

699c22c0da66d276e2f3cfccdefd2912
SHA1

0471924905c002b44239b37971d3b43b3d88b165
SHA256

6ca460abdb22eff8a0ce56ef89e02aeef0baa101cf8d595ec215bcae4e06889b
SHA512

3820009b755a5e41c0988fdfcddcdd4f4477d7f1cdc5947b962507ec98cd55486bc78d4c13fd3a8b8eba79dd03733318a22e7382ca500398f58d18a3aefdf497
SSDEEP

6144:cjRhBhDK0/vIqO7HN4DFN2crSsm2uFy3QTB:ADKrkP2c+sm58Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699c22c0da66d276e2f3cfccdefd2912_JaffaCakes118

Files

699c22c0da66d276e2f3cfccdefd2912_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75b212b07b981fa9d7743a3defef41cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
SetPriorityClass
GetSystemTimeAsFileTime
RaiseException
GetVersionExA
MulDiv
GetCurrentProcessId
InterlockedCompareExchange
VirtualProtect
GetStartupInfoA
GetTempPathA
HeapFree
GetLocaleInfoA
GetCurrentProcess
GetThreadLocale
EnumResourceTypesW
GetProcessHeap
GetPrivateProfileStringW
HeapAlloc
GetACP
SetUnhandledExceptionFilter
CreateProcessA
QueryPerformanceCounter
IsDebuggerPresent
InterlockedExchange
GetTempFileNameA
TerminateProcess
UnhandledExceptionFilter
TlsFree

ole32

CoMarshalHresult
CLSIDFromString
CoUninitialize
CoRevokeClassObject
GetRunningObjectTable
CoFreeUnusedLibraries
CoRegisterClassObject
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal
CreateItemMoniker
StringFromCLSID
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ