698be7b4563a0c1e0039f198004c724a_JaffaCakes118 | Triage

Sharing

General

Target

698be7b4563a0c1e0039f198004c724a_JaffaCakes118
Size

132KB
MD5

698be7b4563a0c1e0039f198004c724a
SHA1

2de068d4dc126a0426366a3c089a6a1d5df40f68
SHA256

3b54f341ba04d9c5b956c2cce5f315d8a0870cdaf7028b4ed9ca5ef0a418255a
SHA512

e5d167b520ff016c8bf016ca95148c6ae5935d5f016f8c500239d7bc14606e3c59c6e7c03e69e7106471032e7a9abc9b8266084c67e39848d205d603fbc6f63a
SSDEEP

3072:kwdco0N5hVyhan/qtArmgPKDtKpFvjy56V8iCGnLZ1:kQ0N5hVsYqtArnEmw6V8iCqLX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
698be7b4563a0c1e0039f198004c724a_JaffaCakes118

Files

698be7b4563a0c1e0039f198004c724a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e76f0972f966ae5e090c2e743c5b9451

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wmpshare.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
RegisterApplicationRestart
LoadLibraryA
GetLastError
LocalAlloc
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RaiseException

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

usrybik
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE