a7c1659211e16c0400f7e7084b4067f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7c1659211e16c0400f7e7084b4067f1_JaffaCakes118
Size

76KB
MD5

a7c1659211e16c0400f7e7084b4067f1
SHA1

4f8700aa76c6d934f015b69695ec3fff47f920ba
SHA256

d3fa94b3b244b294f0c86cc99631d9ec7f00d92e4a62f060acd242d579381b38
SHA512

4c5d40f8ef0cae609307566e831b0abcb5b3e84b92e728e54d1c697353d6aa224c31032160e241a5b1c4ee985084017b04a8875192fc7228178134deb59e5bac
SSDEEP

768:UCZ7eIGpMdOkv+1PLK9IlS4S7l263pg1k8TKYceDgCRn9riDgMoeF:UCVB+ZLvlSJ70aSKYceDh85F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7c1659211e16c0400f7e7084b4067f1_JaffaCakes118

Files

a7c1659211e16c0400f7e7084b4067f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62ac37ceb4c0e5a3cc19c9cd0d7a3589

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
WriteFile
GetLastError
CreateFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
CloseHandle
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pvhdsvk
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE