d73fe8d1fc0db97cd3119965931dafbd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d73fe8d1fc0db97cd3119965931dafbd_JaffaCakes118
Size

190KB
MD5

d73fe8d1fc0db97cd3119965931dafbd
SHA1

7641369d74ad5418a6a60b4a50ac2efa8952a22e
SHA256

c07e18d7bc7e3106626dffe0477b8c8b004720922e9f4e4e5a7948095419c7fa
SHA512

a453eb96b7d9d079663c947dbaaa3a7324851496556806c64dc3ce959e70a6f56eb7fe58bece7dbfa3be6cba6ea2efcfcba4f567a423e24003c0c3ab2262e471
SSDEEP

3072:NeSkdrTDl8+r2Ih84YawSXEg2vGvx8u5XBGFZhWZr9QG5akMiHRKRkUyCjo0:Bkd9jm4qH7hCMkbHRKRkXKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d73fe8d1fc0db97cd3119965931dafbd_JaffaCakes118

Files

d73fe8d1fc0db97cd3119965931dafbd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a4b8a44712f1d6a08dd6fb225cca81c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
GetSystemMetrics
CharNextA
GetDesktopWindow

kernel32

GetVersion
GetLastError
GetCurrentProcess
GetOEMCP
DeleteFileA
lstrcmpA
GetStartupInfoA
GetCurrentThreadId
QueryPerformanceCounter
GetConsoleOutputCP
GetCommandLineA
SetCurrentDirectoryA
RemoveDirectoryA
SetLastError
CopyFileA
GlobalFindAtomA
GetACP
GetCurrentProcessId
GetDriveTypeA
MulDiv
DeleteFileW
GetModuleHandleA
LoadLibraryW
GetThreadLocale
GetProcessHeap
GetCurrentThread
IsDebuggerPresent
GetCommandLineW
GetUserDefaultLangID
GetTickCount
Sleep
GetModuleHandleW
lstrlenA
GetWindowsDirectoryA
lstrcmpiA
GlobalFindAtomW
lstrcmpiW
VirtualAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ