966069e079a5a88f202963792b7fb555_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

966069e079a5a88f202963792b7fb555_JaffaCakes118
Size

40KB
MD5

966069e079a5a88f202963792b7fb555
SHA1

6aed2e3916ec0973e580eb8e4f42128028b4e021
SHA256

9bfe54a936f646d85713f0b2aa586889c511d52b780c3156b7226ac6c7ee5ddb
SHA512

b71a1f05ea6c9cb3ba466e489c391ef9ac6d3f235effdfa4726a46e724a25956ae017c2c80e80f6d6e681d3e9cf52482f3acb96ff93e999e163bed713137e3a9
SSDEEP

768:521h7yhjYXXM9/xu7kDQjcSjBIKeKV2vN4:AocM9k7kkAMpeKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
966069e079a5a88f202963792b7fb555_JaffaCakes118

Files

966069e079a5a88f202963792b7fb555_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a3b7a6c381ab3fc0a0dab16d3a386ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Work\TestUpdateRes\TestUpdateRes\Release\TestUpdateRes.pdb

Imports

kernel32

FormatMessageA
GetLastError
LockResource
LoadResource
SizeofResource
FindResourceA
FreeLibrary
LoadLibraryExA
Sleep
SetLastError
ExitProcess
LoadLibraryA
GetVersion
lstrcmpA
VirtualProtect
GetLocaleInfoA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
HeapReAlloc
HeapSize
GetACP
GetOEMCP
VirtualAlloc
FlushFileBuffers
SetStdHandle
LCMapStringA
GetStringTypeA
CloseHandle
GetSystemInfo

user32

MessageBoxA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE