7225fb99073079ca6b56ed5f55579503_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7225fb99073079ca6b56ed5f55579503_JaffaCakes118
Size

232KB
MD5

7225fb99073079ca6b56ed5f55579503
SHA1

7d1b6997cd436c8980a2ad380414fe09bb11db0e
SHA256

0ccb4a1a4e714135c543c40046f89882e255df9701cc422fc3fca4f22ee23fca
SHA512

e6b84c82f0caac0095e5d86b531c80085c7ba24794c11ecd481ea7a186276ae1a2edbad3cd411ed30475be625d293647036e9bd0607b14c93ceccf00b942cb9b
SSDEEP

3072:97HjDGH6SRlG/qACYGhUamW9w5vKRVG+YmcaEksCFDOEdeXejjnW96oH8sXjiPJC:1jDoLGC4JaEksCJveujjnW4oHxIJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7225fb99073079ca6b56ed5f55579503_JaffaCakes118

Files

7225fb99073079ca6b56ed5f55579503_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5cee2635da0780d8472c0a3b97bdc5b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetModuleFileNameW
TlsAlloc
GetCurrentThreadId
GetCurrentProcess
GetProcAddress
GetLocalTime
QueryPerformanceCounter
GetSystemTime
CompareFileTime
GetCurrentProcessId
IsValidCodePage
GetModuleHandleA
GetModuleFileNameA
GetCurrentDirectoryA
GetStartupInfoA
GetTickCount
InterlockedIncrement
CreateEventA

gdi32

SetPixelFormat
ChoosePixelFormat

opengl32

glVertex2f

shell32

SHSetLocalizedName

msvcrt

_initterm
__dllonexit
_controlfp
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_onexit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ