ad02bd63c55b08e4f74e2eaeceb3795a_JaffaCakes118 | Triage

Sharing

General

Target

ad02bd63c55b08e4f74e2eaeceb3795a_JaffaCakes118
Size

288KB
MD5

ad02bd63c55b08e4f74e2eaeceb3795a
SHA1

e24afbbc3f21e92a5a8c1113697c1029c2f65f04
SHA256

d2b2f8da6b60ca6991b91dc993374f2e294967d0aa926017a5cfec6aa344014f
SHA512

9dc158995311391261d47084e6d87cab6480f646755c07b1048416ab00c6511bf8a0ebf4abd8f89bb8433424796c8d7a1b7c4aebdc9abcb421cf83d637e7f447
SSDEEP

3072:/eAQAqT8OTi+iRSrpF/FWwNYuznxMmEsSbUN0R+OpN/iPqmT9:m3T8Z+iR4Z9uuzxhE9sdO3/YT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad02bd63c55b08e4f74e2eaeceb3795a_JaffaCakes118

Files

ad02bd63c55b08e4f74e2eaeceb3795a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

18838604d10c79e55eca2054b627560b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

winhstb.pdb

Imports

kernel32

RaiseException
HeapSetInformation
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

?terminate@@YAXXZ
??3@YAXPAX@Z
__getmainargs
_cexit
_exit
_controlfp
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 279KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE