b85087aba5f6577caea8af3080b78b0b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b85087aba5f6577caea8af3080b78b0b_JaffaCakes118
Size

154KB
MD5

b85087aba5f6577caea8af3080b78b0b
SHA1

20714c596d64162b075ece1819a55956d621806e
SHA256

cd38468f3c71062cf11966f9ebfcbdcd2087a7acb4ecb91917ebab14b8d2ee48
SHA512

a0a56fd4a9c8d7781ad291e9eb28394cb2b3f8188ea3fb3c45a617156820167458d41edbed08e36a99c2cc031be48e7d39edc3faf6c53134b596424f3726f2ef
SSDEEP

3072:bqG8Y/JD4s7tt5ZYeZpx0hZBCwFI6rtQ+TJQG6FEpLkD2RyveH:bvn/JD4CHh10hZBCabrtQ+TJQFCLXRym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b85087aba5f6577caea8af3080b78b0b_JaffaCakes118

Files

b85087aba5f6577caea8af3080b78b0b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dabe2b6cbd7a8895b4d2ea255f96fc7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
InterlockedCompareExchange
HeapAlloc
SetPriorityClass
GetLocaleInfoA
MulDiv
RaiseException
TerminateProcess
IsDebuggerPresent
GetCurrentProcessId
GetThreadLocale
GetTempFileNameA
EnumResourceTypesA
GetSystemTimeAsFileTime
GetACP
SetUnhandledExceptionFilter
InterlockedExchange
GetVersionExA
HeapFree
GetLocaleInfoW
UnhandledExceptionFilter
GetPrivateProfileIntA
CreateProcessA
GetProcessHeap
GetCurrentProcess
GetStartupInfoA
GetTempPathA
QueryPerformanceCounter
TlsFree

ole32

CoMarshalHresult
CreateItemMoniker
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoCreateInstance
CoRevokeClassObject
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoRegisterClassObject
GetRunningObjectTable
CoUninitialize
CLSIDFromString
CoFreeUnusedLibraries
CoTaskMemAlloc

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ