970f9bce379fc79cc65f9b0a57868890_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

970f9bce379fc79cc65f9b0a57868890_JaffaCakes118
Size

278KB
MD5

970f9bce379fc79cc65f9b0a57868890
SHA1

d60af4fb9a1ead16313d5556d66a8ba725d2ea58
SHA256

c30afc82e23f3f0f9644778d8fe191177509c750eb1084df136121c580dfc053
SHA512

00e3b18a6b6d112d8959a580fdc5af7e37d11db948e2bb5b1e4a80e6454e71fbaee0ec076a6f84f8f3d5a02257de8f4fd53eddde2a114c3ee078345f742f5f8b
SSDEEP

3072:1itn1K57HjhQn2wD4VBEIGumnSnMtvyoRLHDB/eR9jaO3OZvH8OU2YFLhNL9bD33:e1gjS4FcSnoya3oWXzY1LRKtEFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
970f9bce379fc79cc65f9b0a57868890_JaffaCakes118

Files

970f9bce379fc79cc65f9b0a57868890_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f903d98eea40e427c175ab2877e3c08f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fmifs

Format
FormatEx
EnableVolumeCompression
DiskCopy
Extend
Chkdsk

kernel32

GetSystemTimeAsFileTime
lstrcmpA
IsValidLocale
CloseHandle
GetLocalTime
GetProcessHeap
CreateFileA
MultiByteToWideChar
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
HeapFree
SetLastError
lstrcpyW
GetTickCount
WideCharToMultiByte
SetUnhandledExceptionFilter
GetSystemDefaultLangID
SystemTimeToFileTime
HeapAlloc
LoadLibraryA

w32topl

ToplSTHeapDestroy
ToplScheduleDuration
ToplScheduleCacheDestroy
ToplSTHeapExtractMin
ToplScheduleExportReadonly
ToplScheduleCacheCreate
ToplSTHeapInit
ToplScheduleCreate

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ