af8bfbb965edd3ceb46e4d23ac9dd5e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af8bfbb965edd3ceb46e4d23ac9dd5e9_JaffaCakes118
Size

173KB
MD5

af8bfbb965edd3ceb46e4d23ac9dd5e9
SHA1

c6cadaa8a80c1d811db95bfeffa6b5d92b21b168
SHA256

a2daffe30653bf3b1ca84c3a1f17ec14c0cf70eab1c9d8c3697fc913d1ca997b
SHA512

e201e82685d9418d0d7a3e4c08655b7e4e58d78fa2dbc8a5bfe8a7c6386c54754c145dfabdbc030e3c29830ecb1b3328bb153a745184d90936e4db7315916552
SSDEEP

3072:OQbgU8Hna4pErdL+8l+RAD9u4YE6Cgk88tzUV5pQUzETkch1CtK:TuVizsCDFYE6/kF6jpQxAqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af8bfbb965edd3ceb46e4d23ac9dd5e9_JaffaCakes118

Files

af8bfbb965edd3ceb46e4d23ac9dd5e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

035627e9c0df82f1d469662301bb4045

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CloseCluster

kernel32

WideCharToMultiByte
GetModuleFileNameA
GetStartupInfoA
MultiByteToWideChar
ReplaceFileW
GetEnvironmentVariableA
EnterCriticalSection
CreateProcessA
GetSystemTimeAsFileTime
LeaveCriticalSection
GetTickCount
GetProcessId
RaiseException
FindResourceExA
GetCurrentProcessId
GetVersionExA
GetCurrentThreadId
lstrcmpiA
EnumResourceTypesA
InterlockedExchange
Sleep
InterlockedCompareExchange
GetLastError
ExitProcess
LocalAlloc
FindResourceA
LockResource
QueryPerformanceCounter
LoadResource
SizeofResource
lstrlenW
lstrlenA
GetModuleHandleA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ