d3fba2403e815eabf2394f06c246abe0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3fba2403e815eabf2394f06c246abe0_JaffaCakes118
Size

387KB
MD5

d3fba2403e815eabf2394f06c246abe0
SHA1

7786d5e3d5c1dfb007b533f1d704aff9a502e9dd
SHA256

0ed8df00abfd98cbf5f2c61f66082ab33d25af8cb33eb597305b721706855fbc
SHA512

b8b41c6712d3821116419002c0bf1c85fa11aef7316a48c93a3c3cda18736eb59b4f9076f67e3847eecc75576e0c719a6e2b6e83edd93b45e4da72cf3cb493b1
SSDEEP

12288:Z0nkTM2UirKi05Le0Xzju0/+ciL7otWR1/vtTP0:ZDJ9R1/vtTP0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3fba2403e815eabf2394f06c246abe0_JaffaCakes118

Files

d3fba2403e815eabf2394f06c246abe0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be9f992a469c6db1cd1215a9d05fe6ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
EnumDateFormatsW
DebugBreak
RtlUnwind
CompareStringA
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
GlobalCompact
HeapReAlloc
HeapAlloc
GetThreadContext
FileTimeToLocalFileTime
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
DeleteFileA
lstrcmpiW
FindNextFileA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
EnumCalendarInfoExA

comdlg32

PageSetupDlgA
FindTextA
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW

shell32

DuplicateIcon
DragQueryFile
ShellExecuteExA
CheckEscapesW
SHChangeNotify
SheChangeDirA
SHFileOperation
FindExecutableW
DoEnvironmentSubstA
ShellAboutW
SHAddToRecentDocs
SHGetFileInfo
DoEnvironmentSubstW
SHGetSpecialFolderPathW
DragQueryFileW
SHLoadInProc
ShellExecuteW
ShellHookProc

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ