Static task: static1
Behavioral task: behavioral1
Sample: b5151313c11a672933c08096860e4909_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b5151313c11a672933c08096860e4909_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b5151313c11a672933c08096860e4909_JaffaCakes118
Size: 169KB
MD5: b5151313c11a672933c08096860e4909
SHA1: 8d9c39e11b7e7d83f6abf4e9bf198af84b1d2bba
SHA256: 55d743b6e1d0cc1651ec6c7d5bc67f4450dc6502247f50ea4e0ce842226902cd
SHA512: 150ae1a1ddafc44e225f3a99d87dfd0b61c1cf3bee819d356ef1f000af43a5a7eabd9eb7e3a07d2e7690dc3d2f9599ee58e3e5c535c7acc17ee2a45dd71a832d
SSDEEP: 3072:NqHn4T4rS6ZjNB4eYLJ+iMXV1L01JpRriQsXBzLOktPUI:NqHn48lZQxLOXVZQ5PMB2w
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b5151313c11a672933c08096860e4909_JaffaCakes118
Files
-
b5151313c11a672933c08096860e4909_JaffaCakes118.exe windows:4 windows x86 arch:x86
e140847c6f172667d4bf0ad08e6f7717
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
LockResource
lstrcmpiA
ReplaceFileW
lstrlenW
LoadResource
GetTickCount
GetProcessId
RaiseException
QueryPerformanceCounter
LocalAlloc
InterlockedCompareExchange
FindResourceA
GetCurrentThreadId
Sleep
EnumResourceTypesA
EnterCriticalSection
lstrlenA
WideCharToMultiByte
InterlockedExchange
SizeofResource
GetModuleFileNameA
ExitProcess
CreateProcessA
GetLastError
LeaveCriticalSection
GetStartupInfoA
GetSystemTimeAsFileTime
FindResourceExA
GetEnvironmentVariableA
GetVersionExA
GetCurrentProcessId
GetModuleHandleA
clusapi
CloseCluster
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ