be5253a2eb79d8db439a7585d98e3b4f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be5253a2eb79d8db439a7585d98e3b4f_JaffaCakes118
Size

297KB
MD5

be5253a2eb79d8db439a7585d98e3b4f
SHA1

c067ba25cb0e8ae1fd53e49b8f7a64fea11d6e82
SHA256

9e9c1abaed812464334e1e5ec2d23e5ac132c0e5998b982e8f300c196c10a2c8
SHA512

88b03e28a574db3cab18aa2e62bd111cf6a2f65807d8495e0dfcdf7d43de756c1f3512b2538579235b5a80e6132b44b1dcaf7451311c4844f8186e435cee88d3
SSDEEP

6144:MElAY1UvaSh8uT5x5J0lBatB2LaWO36hTGE6NApTL1qm+:MEYSPuTo6fUat3aTGE6Q1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be5253a2eb79d8db439a7585d98e3b4f_JaffaCakes118

Files

be5253a2eb79d8db439a7585d98e3b4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

605c38326f803bdc12ed3dd2a19237be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
VirtualProtect
GetCommandLineA
GetVersion
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
HeapCreate
DisableThreadLibraryCalls
HeapDestroy
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
Sleep
HeapFree
GetProcessHeap
HeapAlloc
LocalAlloc
LocalReAlloc
LocalFree
GetModuleHandleA
GetStartupInfoA

user32

LoadStringW
GetSystemMetrics

ole32

CoTaskMemFree
CoTaskMemAlloc

msvcrt

_XcptFilter
_controlfp
__CxxFrameHandler
_except_handler3
free
_callnewh
malloc
_initterm
memcpy
_adjust_fdiv
_exit
__set_app_type
exit
_acmdln
__getmainargs
__setusermatherr
__p__commode
__p__fmode

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ