a35ceb64e1a28d68c08a9ba5d7afa8e5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a35ceb64e1a28d68c08a9ba5d7afa8e5_JaffaCakes118
Size

220KB
MD5

a35ceb64e1a28d68c08a9ba5d7afa8e5
SHA1

f5a88db9950252593b04cf0fa265e6005221f3e3
SHA256

15028b50321b712145cf03cf9ed046cf71425ce644f32c25a566422159c8089b
SHA512

a1eb5866b60d07523b83725528b48fa6033065c7f7c632b2d67b46e3dad328cd34ad41fb9eb54eaf34ae2065b1dfe3dc3f23fd817e85c3c81e51ee06c084d30f
SSDEEP

3072:o8fkRVREoRCXmOstuS7c86f1njnpiUnPYsqnUZtLEOUtqqP:o7/pc1njnYUnn86trUtb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a35ceb64e1a28d68c08a9ba5d7afa8e5_JaffaCakes118

Files

a35ceb64e1a28d68c08a9ba5d7afa8e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7dcb28860e60176e77f9f03a6342db7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetConsoleOutputCP
DeleteFileW
CopyFileA
QueryPerformanceCounter
GetCurrentProcess
GetLastError
lstrlenA
SetLastError
SetCurrentDirectoryA
GetACP
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
MulDiv
GetVersion
GlobalFindAtomA
GetStartupInfoA
GetModuleHandleW
GetTickCount
GetCommandLineW
GetDriveTypeA
lstrcmpiA
lstrcmpA
lstrcmpiW
lstrlenW
GetCurrentThread
GetWindowsDirectoryA
GetOEMCP
GlobalFindAtomW
GetUserDefaultLangID
GetThreadLocale
LoadLibraryW
RemoveDirectoryA
GetModuleHandleA
DeleteFileA
Sleep
VirtualAlloc

user32

GetDC
GetSystemMetrics
CharNextA
GetDesktopWindow

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ