d17d22833a687db436355847930480a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d17d22833a687db436355847930480a2_JaffaCakes118
Size

212KB
MD5

d17d22833a687db436355847930480a2
SHA1

e7785adec099366ffff74eaa6a47a5e9aa750444
SHA256

17bbda8f45a366104024805f009fee3a80000f01dc3ff11d3c9b31ef04f3f35b
SHA512

e2c643d47fd30b447246f22bcc53036cefc36e17704d2f23dfb3d2217d66520ed6643451f5dd417f066bcbbe02f750bed8ec816b216c9d88528dc8ed6f7eb8b2
SSDEEP

3072:llslcXMcb9jobo7NG0EqjP8DR2bgbOYKbj:32cXnjob8GPjsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d17d22833a687db436355847930480a2_JaffaCakes118

Files

d17d22833a687db436355847930480a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bad52b2c93bc6ee980383785008a45b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetSystemDirectoryA
GetSystemTimeAsFileTime
ExitProcess
GetProcessWorkingSetSize
ReadConsoleInputA
GetTimeFormatA
SetVolumeLabelA
GetConsoleInputWaitHandle
GlobalFindAtomA
SetConsoleNumberOfCommandsA
GetThreadPriority
GetModuleFileNameA
OpenMutexA
GetThreadPriorityBoost
GetWriteWatch
VirtualAlloc
CreateDirectoryExA
GetFileType
GetCommandLineW
ReadConsoleOutputCharacterA
DuplicateHandle
GetProcessAffinityMask
GetEnvironmentVariableA
GetProcessTimes
SetInformationJobObject

wininet

HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
InternetOpenA
InternetConnectA
DeleteUrlCacheEntryW
InternetOpenUrlA

Exports

Exports

Atbvelh
WriteOoarddw

Sections

.rtext
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 200KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ