69b15946938903b684caa394790d394e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69b15946938903b684caa394790d394e_JaffaCakes118
Size

174KB
MD5

69b15946938903b684caa394790d394e
SHA1

fc088c611f8bd12a8d4bcf24dabf5293d9918195
SHA256

2d854a4b517a9fa8228b2320f289d10f4f42c6707e2ad7131d455ff1925c31f6
SHA512

3b082e4728fd0946021084aa1590ec31fbb2f1ec3456ddb9b55549224dd5cc954282efe7bd6627500fe06cc479c72e2589f7e0d80bc9afe351f271064845d066
SSDEEP

3072:e+5ovTM43okkNAUve4Mf8aLOkL8CM6DZJuJlWQs3ngWR:e+5ovTMgokIAUve4SCkgk1JuKQs3ngWR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69b15946938903b684caa394790d394e_JaffaCakes118

Files

69b15946938903b684caa394790d394e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8b7d2667aafb52686b05b3f27c91b7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

user32

EnumDisplaySettingsW

shell32

ShellExecuteW

kernel32

ReplaceFileW
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetProcessId
TerminateProcess
GetStartupInfoW
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
EnumResourceTypesA
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
Sleep
InterlockedExchange
GetCurrentThreadId
GetCurrentProcess

clusapi

CloseCluster

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ