Static task: static1
Behavioral task: behavioral1
Sample: ba6b781f892e3c126a9398d299c68e09_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: ba6b781f892e3c126a9398d299c68e09_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ba6b781f892e3c126a9398d299c68e09_JaffaCakes118
Size: 188KB
MD5: ba6b781f892e3c126a9398d299c68e09
SHA1: 8e449dbc8bb82e3e7916ee1d9bc56e571840e099
SHA256: 5bf738af0c01cbfce543a7b9eeeb0a5558571ff73436de7199105916f733ff43
SHA512: fca71e3d38b963f24b7972822304e8c2d2eb442dd0060cfb93ceea7ce3e24882e845f365f9843216a66e67154b6cde959a8ec665a180b35d94feb8657a81408e
SSDEEP: 3072:WCqW/J61ApDMXLV3KSUeGHQMR3wkwcnKXB3s/6pUWid3t3QxkaCj:WvW/J61353KdoAwkwcKXB32WivAxka
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ba6b781f892e3c126a9398d299c68e09_JaffaCakes118
Files
ba6b781f892e3c126a9398d299c68e09_JaffaCakes118.exe windows:4 windows x86 arch:x86
fecf752b90fde21484fed115ad76acbf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
winmm
timeGetTime
timeSetEvent
gdiplus
GdipCloneImage
ole32
OleTranslateAccelerator
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
kernel32
LocalFree
InitializeCriticalSection
SetFirmwareEnvironmentVariableA
DeleteCriticalSection
LoadLibraryA
GetLastError
EnterCriticalSection
GetSystemInfo
GetModuleHandleA
EnumResourceTypesA
GetProcAddress
LocalAlloc
GetShortPathNameA
LeaveCriticalSection
LCMapStringA
LCMapStringW
SetStdHandle
GetStringTypeA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ