b29f7a7ba0c901f35a11071d746215c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b29f7a7ba0c901f35a11071d746215c1_JaffaCakes118
Size

97KB
MD5

b29f7a7ba0c901f35a11071d746215c1
SHA1

b2611bf843ec656cc01831b89d2239c3a7c23217
SHA256

80d8d6389484e319085fe73afaaf00e011b243727d5091e61794436791ccc149
SHA512

b894595db43855e2f74a331f21f35394e7a991cd1375d076cf6892e953dd9c14781d00bc8271cafdffaa7633925f74fe07c6952de1d5832b22e42b3e8ffb8fd5
SSDEEP

1536:/WawPc0KxgfVN1qtAuj1yqF0eGfxNyXUmAfzQc2kF1quI:XgcFxI0j1OeGfmEmAfHrqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b29f7a7ba0c901f35a11071d746215c1_JaffaCakes118

Files

b29f7a7ba0c901f35a11071d746215c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2643b6a6adcba472985f36f313e39f4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDesktopWindow
CharNextA
GetSystemMetrics
GetDC

kernel32

RemoveDirectoryA
GetCurrentThreadId
GetWindowsDirectoryA
GetModuleHandleW
GetStartupInfoA
GetDriveTypeA
CopyFileA
Sleep
lstrlenA
GetThreadLocale
GlobalFindAtomW
GetUserDefaultLangID
IsDebuggerPresent
GetCurrentProcessId
QueryPerformanceCounter
DeleteFileW
SetLastError
GetVersion
SetCurrentDirectoryA
DeleteFileA
GetConsoleOutputCP
GetOEMCP
lstrcmpiW
MulDiv
GetACP
GetCommandLineA
GetProcessHeap
lstrcmpA
GetCurrentThread
lstrcmpiA
GlobalFindAtomA
GetCommandLineW
VirtualAlloc
LoadLibraryW
lstrlenW
GetModuleHandleA
GetCurrentProcess
GetLastError
GetTickCount

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ