b9263108df6f62c47a55c742af4f91c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9263108df6f62c47a55c742af4f91c2_JaffaCakes118
Size

136KB
MD5

b9263108df6f62c47a55c742af4f91c2
SHA1

d73740c4dd1b809d7988ff7e59a84c3b373a1c55
SHA256

8d6e205d52b98ae4e2795c54c1cc31e656462eb4de5b48ceb886601f2bbf7219
SHA512

a9e742a7915bdf6ca109d9b1f94b4c953255835b8d08e33080af6f624557b415c418406af3495fa797760463e2a76b74ae67a77fd66e626cc3313bc18e1dca73
SSDEEP

3072:T5d0M1B5dqUJuyTlptkwbRNSZfp7ftw74EtR:TX0M13bTYZZfW7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9263108df6f62c47a55c742af4f91c2_JaffaCakes118

Files

b9263108df6f62c47a55c742af4f91c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6bdbe13e757b10faed3b5da7ef6941a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset
strcpy
strlen
memcpy
localtime
mktime
gmtime

kernel32

GetModuleHandleA
HeapCreate
GetProcAddress
HeapDestroy
ExitProcess
GetCurrentProcess
WaitForSingleObject
VirtualFreeEx
CloseHandle
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
HeapAlloc
HeapFree
FreeLibrary
IsBadReadPtr
FindFirstFileA
FileTimeToSystemTime
FindClose
DeleteFileA
MoveFileA
CopyFileA
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetLocalTime
WriteFile
HeapReAlloc

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 11B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE