e2446ee9c1311426f538fa27e11c948b_JaffaCakes118 | Triage

Sharing

General

Target

e2446ee9c1311426f538fa27e11c948b_JaffaCakes118
Size

802KB
MD5

e2446ee9c1311426f538fa27e11c948b
SHA1

983f6d433b67ffe61d7a8c72f5ec6c6937956ff0
SHA256

18a0d67dd94c212819ba6d21f682b198b45613c0c0739352087947f674d87a77
SHA512

3cba96ec5a7eb0ddb93b80d828c1601320bc415aa49be5d0781f4fb472ed937952212035ff7d0ef32c60996835d777bc634d1dce4ab9930a6a3d5a9ed43405ed
SSDEEP

12288:6Iqr08Vw2NOF1bTGKFd+CnIp96ye0zca6Z4SPHiiP+MKX7tcWpECz9e:6IqBw2NW1bTZzDMEa6qSPHi6OxcWz9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2446ee9c1311426f538fa27e11c948b_JaffaCakes118

Files

e2446ee9c1311426f538fa27e11c948b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

748f32f3d23f777f403e9f3f3261236b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_initterm
_wcsnicmp
rand
iswspace
_wcsupr
_beginthreadex
_errno
_jn
_unlock
__dllonexit
_lock
_onexit
swscanf
memset
_vsnprintf
_CxxThrowException
towlower
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
toupper
iswctype
wcsrchr
memcpy

kernel32

GetProcessHeaps
CreateIoCompletionPort
GetQueuedCompletionStatus
HeapValidate
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
HeapCreate
HeapSize
HeapValidate
HeapReAlloc
HeapDestroy
SwitchToThread
DeleteTimerQueueTimer
TryEnterCriticalSection
InitializeCriticalSection
LocalFileTimeToFileTime
SystemTimeToFileTime
CompareFileTime

gdiplus

GdipGetImageThumbnail
GdipCloneImage
GdipDrawImageRectI

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ