87af192ba9fceab69b5f9f24427db323_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87af192ba9fceab69b5f9f24427db323_JaffaCakes118
Size

9KB
MD5

87af192ba9fceab69b5f9f24427db323
SHA1

4df146e09d0578e540b94517fa9e9c40d805efdd
SHA256

312563968283ebe6ca88d7fc2956f21d7461fb1f75f3c9da49732fd1ff00afa8
SHA512

f7975f455ac1d96911a26500acff2adb0f40f2f481322c477cfbc7eebeb8bcd214c6db8865c950a955ee1d6de52239313d3c758558adf5f1f77f5e5bcecdc46e
SSDEEP

192:9g8K6EA+dOB2Ry7rb0FBjupuwoyF1Iz4q6p:9gvxhRojpuwo06ze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87af192ba9fceab69b5f9f24427db323_JaffaCakes118

Files

87af192ba9fceab69b5f9f24427db323_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8682b90b55844f8316c9f2fe61f4516e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Администратор\Documents\Visual Studio 2008\Projects\MTR\Test2\Release\mtrsurs.pdb

Imports

kernel32

GetFileAttributesA
DeleteFileA
Sleep
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
WinExec
ExitProcess
CopyFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind

user32

PostMessageA
FindWindowA
RegisterClassA
CreateWindowExA
ShowWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
CharLowerBuffA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ