Static task: static1
Behavioral task: behavioral1
Sample: d1b64745f3f97f5098375a802c249141_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: d1b64745f3f97f5098375a802c249141_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d1b64745f3f97f5098375a802c249141_JaffaCakes118
Size: 16KB
MD5: d1b64745f3f97f5098375a802c249141
SHA1: 5bce97693be66ba9256c1828a37c23e0ea85d19e
SHA256: 0a83a528078caedf0799803a7f69ca0f566403fb5691e37ca71389cc4d87bbbf
SHA512: ad9cd08deed3b3676e91acf5fa53d6d698da4ab6cc134afc148ef307b4e219d44cc176e9ce6b72131cb23eb8ce56dbb91e1a4a832eb3c50864c1450b699bb119
SSDEEP: 384:OkoibOaGXTrhEc4l+Yl13V1cqAdQ1QXp9MxOwXvRr:OkoipEd7Y9mQ2XpeOwt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d1b64745f3f97f5098375a802c249141_JaffaCakes118
Files
d1b64745f3f97f5098375a802c249141_JaffaCakes118.exe windows:5 windows x86 arch:x86
250da4d31b3165f84c14079d10a6f6e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
GetTempPathA
lstrcpyA
lstrlenA
GetTickCount
CloseHandle
WriteFile
CreateFileA
FindAtomA
lstrcatA
lstrcpynA
GetSystemTime
GetModuleFileNameA
GetProcAddress
GetVersion
GetModuleHandleA
LoadLibraryA
CreateMutexA
OpenMutexA
ExitProcess
lstrcmpA
GetLocalTime
RtlUnwind
VirtualQuery
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
GetCaretPos
wsprintfA
GetCursorPos
GetWindowRect
IsWindowVisible
GetFocus
EqualRect
ClientToScreen
InflateRect
shlwapi
SHGetValueA
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE