bc8a5ec9ca0911f4ee5ac43d457a6825_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc8a5ec9ca0911f4ee5ac43d457a6825_JaffaCakes118
Size

97KB
MD5

bc8a5ec9ca0911f4ee5ac43d457a6825
SHA1

99d65895507e68f5708c0c7a156c500b367d53d4
SHA256

a6c769dfa2c5bc982e11ba3a6180bb4e05e9db024f19e2232375ad025056ec63
SHA512

70eb2039deb47e7544482fa0c7576b1273eea3793cff8cc91a3401e2f2afa3c52d243ccb96e07a6fc076b1a4fc410208d837da380bd1c95d6700840161071061
SSDEEP

1536:fTJza+Fe9UbBEEQb08NO58tMOGgRS/XraEALSxo0fMedZDsV:AHCbBs0CO58y1XXra/UM0Ds

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc8a5ec9ca0911f4ee5ac43d457a6825_JaffaCakes118

Files

bc8a5ec9ca0911f4ee5ac43d457a6825_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1e7b60db438c0555a7cb850335b6b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
GetDC
GetDesktopWindow
CharNextA

kernel32

DeleteFileA
GetModuleHandleA
GlobalFindAtomA
GlobalFindAtomW
GetStartupInfoA
GetVersion
GetCurrentProcess
QueryPerformanceCounter
GetACP
Sleep
GetCommandLineA
GetModuleHandleW
DeleteFileW
MulDiv
CopyFileA
GetWindowsDirectoryA
GetOEMCP
GetDriveTypeA
VirtualAlloc
LoadLibraryW
lstrlenA
lstrcmpiW
IsDebuggerPresent
GetThreadLocale
lstrcmpA
RemoveDirectoryA
GetCurrentThreadId
SetLastError
GetCurrentThread
SetCurrentDirectoryA
GetUserDefaultLangID
GetLastError
GetProcessHeap
lstrlenW
GetCommandLineW
GetConsoleOutputCP
GetTickCount
lstrcmpiA
GetCurrentProcessId

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ