a0532e80f996a70085fc72cde239f0c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0532e80f996a70085fc72cde239f0c4_JaffaCakes118
Size

186KB
MD5

a0532e80f996a70085fc72cde239f0c4
SHA1

bbb33e80c793b94fc39e06bcf47639acadf3791d
SHA256

c1a837ae0f1e9ad8472ea98e15b16393d41502530bbed23afb08f93cb4e13e2c
SHA512

ba7ce3e480ecd8feaa39e94db443ab087cd934146c7b2446c54bf8784a1b969ed0c34c9068cbc4a0f5128de486c0561976deb738d68d93ab4bf646ea01657b09
SSDEEP

3072:sTA49nfJ6WKmHc8/mbAjAOt9L6LXFrLdxPSydRgzOz3Jc4VcQwNoAmCd/ZVF:WzF0JHAp9aXFrX6seLgQN9mCd/ZVF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0532e80f996a70085fc72cde239f0c4_JaffaCakes118

Files

a0532e80f996a70085fc72cde239f0c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57a4987937cb688b31a4a6c7e3df1ca9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

GetThreadLocale
GetProcessHeap
HeapAlloc
SetPriorityClass
MulDiv
HeapFree
GetTempFileNameA
InterlockedExchange
GetLocaleInfoA
GetLocaleInfoW
GetCurrentProcessId
IsDebuggerPresent
VirtualProtect
EnumResourceTypesW
GetTempPathA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStartupInfoA
GetPrivateProfileStringW
GetVersionExA
InterlockedCompareExchange
GetACP
CreateProcessA
RaiseException
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
TlsFree

ole32

CoMarshalHresult
CoFreeUnusedLibraries
CoUninitialize
GetRunningObjectTable
CoRevokeClassObject
StringFromGUID2
CreateItemMoniker
CreateStreamOnHGlobal
CoInitialize
CLSIDFromString
CoRegisterClassObject
CoTaskMemFree
CoInitializeEx
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ