LAPc.#ffEQJ#6N+sV.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d3a01030be6e234353f2b6f8cfe31829_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
d3a01030be6e234353f2b6f8cfe31829_JaffaCakes118
-
Size
132KB
-
MD5
d3a01030be6e234353f2b6f8cfe31829
-
SHA1
73ea60c5f280cbd04cfb6ec2c57b03e700f20d43
-
SHA256
87d882779340aecdda529abc74dbe37c5c0c4e80c5f4b1fb7c5de20f0a8b00d1
-
SHA512
7e549bc82df47192d2b2b74dd8cb53aab9ae836d0709aa1530c2b32ef795be09118da804bab864afa603e6f8fec9fd5a4d35568d70b5cb6de1718d90001fa507
-
SSDEEP
3072:GOp2dJbUMZq6FMQkNFrAXHShGK/mBoF8GH8YX2E8v:GOI/UMZq6F2/sXHShGKOGORYGE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
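Flags PE files that carry no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the other static findings in this report.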
resource d3a01030be6e234353f2b6f8cfe31829_JaffaCakes118
Files
-
d3a01030be6e234353f2b6f8cfe31829_JaffaCakes118.exe windows:6 windows x86 arch:x86
a9f9cf6f59220c9564d9cf81712d258b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
memset
user32
WindowFromPhysicalPoint
CopyIcon
HideCaret
GetClientRect
GetWindowInfo
CopyImage
kernel32
TlsFree
GetThreadIOPendingFlag
HeapDestroy
CloseHandle
GetVersion
IsValidLocaleName
GetCommandLineW
GetLargePageMinimum
ReleaseActCtx
ContinueDebugEvent
LocalAlloc
GetLargestConsoleWindowSize
GetSystemDefaultLocaleName
Heap32First
shlwapi
ord29
oleaut32
VarCyCmpR8
VarCyFromR4
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 100KB
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ