b49bf0c2708f905b3ce5efd607689c72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b49bf0c2708f905b3ce5efd607689c72_JaffaCakes118
Size

191KB
MD5

b49bf0c2708f905b3ce5efd607689c72
SHA1

0b45a0c742883df133026ecf7496b106293db4b2
SHA256

1533ccd935671344e63b7e3cf6d0fcdacf45941e2a7ae92ead82c1083b683cac
SHA512

336a6795a2562adea6da783836db7e2e12ea12612842dfe5b8698676160c394e571b2ff46c82ceaeba8abae1f3b713641bbf231315df8b72d8f9f2be90466f6c
SSDEEP

3072:1TJoetcbaCaZjMhk72KIBQtgsIo+IThdfnMV7aqVtfigy:/oetcbaFBMe72KIBSgO+ITT47htfi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b49bf0c2708f905b3ce5efd607689c72_JaffaCakes118

Files

b49bf0c2708f905b3ce5efd607689c72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82425544e1ee360aeb9eaeab839484d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReplaceFileW
GetStartupInfoW
IsDebuggerPresent
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetProcessId
UnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
InterlockedExchange
EnumResourceTypesA
GetCurrentThreadId
Sleep
ExitProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess

clusapi

CloseCluster

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

user32

EnumDisplaySettingsW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ