Static task: static1
Behavioral task: behavioral1
Sample: 89e60d7187f208e4525ae01d72c9e310_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 89e60d7187f208e4525ae01d72c9e310_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 89e60d7187f208e4525ae01d72c9e310_JaffaCakes118
Size: 116KB
MD5: 89e60d7187f208e4525ae01d72c9e310
SHA1: 7365d23fecaafc8b00bfa3947c09f181823fda82
SHA256: 4a68b621f783baf0976607318d0ed9215c58d9fed93527c045eacba470a78232
SHA512: 09b15dbb69e127c2507ffb029b7e2ac9d451380e3f61176921f94f0bd4c42223c156f8d56ad33ffc6b5df8850cfebb8dc308accaa03c13eaba1a29bfc6dce53d
SSDEEP: 1536:+RN7UFJWi+lEXhPkwBeG2Xu6USHuryb2kx2CtkSUJR8ot/JOyvoP/U0qHdFOVYLH:+R85rx2Xu650W2wkBjeP/U0sFOVL8CDE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 89e60d7187f208e4525ae01d72c9e310_JaffaCakes118
Files
89e60d7187f208e4525ae01d72c9e310_JaffaCakes118.exe windows:9 windows x86 arch:x86
16ced68ed6376749e3e730d206383294
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetCurrentProcessId
LocalFree
QueryPerformanceCounter
GetCurrentProcess
GetModuleFileNameA
GetModuleFileNameA
SleepEx
GetTickCount
ntdll
NtAllocateVirtualMemory
user32
ReleaseDC
ShowWindow
GetMessageW
GetMessageW
GetSystemMetrics
DestroyWindow
SetTimer
gdi32
PatBlt
GetStockObject
PatBlt
DeleteObject
SetTextColor
MoveToEx
CreateCompatibleDC
GetObjectW
GetDeviceCaps
Sections
.data Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ