69a1e06bf8d9af5e3702920f562ae789_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69a1e06bf8d9af5e3702920f562ae789_JaffaCakes118
Size

112KB
MD5

69a1e06bf8d9af5e3702920f562ae789
SHA1

d406492bba664f53205c383e720793eeb613e586
SHA256

91d9257e7009e4271cc2b75843e2764aa458dfa0f8d03b018fac8495fe0742ac
SHA512

612b23d504cf2efc25b34d2203db6ac5e6596d0ea672e3de0e2e2a28c00b491c38047862560f180b763de5877a6eafae7f5023e2f46ef9202d53d2a55f12ba02
SSDEEP

3072:42fF3YA5XvuqQKsjKu3cO1LRKTcMS0DqCyHTSINwSJ:4QZ2qRs73sN9yO1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69a1e06bf8d9af5e3702920f562ae789_JaffaCakes118

Files

69a1e06bf8d9af5e3702920f562ae789_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a30fd34ea91660a5b23298c9da5512c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
QueryPerformanceCounter
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
GetTempPathA
lstrcpyA
GetCurrentProcess
GetCurrentThreadId
lstrcmpA
GetCurrentProcessId
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime

user32

ClientToScreen
GetFocus
GetWindowRect
EqualRect
wsprintfA

gdi32

GetBkMode

msvcrt

_ismbblead
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_amsg_exit
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
__setusermatherr

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE