e25ad00086ec35a280048e26e3c6ed0e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e25ad00086ec35a280048e26e3c6ed0e_JaffaCakes118
Size

188KB
MD5

e25ad00086ec35a280048e26e3c6ed0e
SHA1

6b6708906a3d2ed54499af9fc3122657b892515f
SHA256

c81d32d999a76f8b892464887037019a73d817aeade158b02e4459217921b93f
SHA512

08cf77ba5d03690a2d91c7a0a970c0b27f6e20df0c997dd2fce7da656a72d59ac149257f8e8bb19fc2fe1a1cb15d0b65ce7e351535f26716abbf46929af60b67
SSDEEP

3072:rbbY0eZdtaePgh6vKsam8GKObBsxEv9Avi9Sg3OF:/HeZ1PY2KOaE1Av58

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e25ad00086ec35a280048e26e3c6ed0e_JaffaCakes118

Files

e25ad00086ec35a280048e26e3c6ed0e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

51951ea4242b4b796f72f6858d8bc2a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
SetCurrentDirectoryA
MulDiv
SetLastError
GetTickCount
GetACP
IsDebuggerPresent
GetCommandLineA
GetCurrentProcess
DeleteFileW
LoadLibraryW
DeleteFileA
GetLastError
GetVersion
GetWindowsDirectoryA
lstrlenW
RemoveDirectoryA
GetProcessHeap
CopyFileA
GetDriveTypeA
GetCurrentThreadId
lstrcmpA
GetOEMCP
GetUserDefaultLangID
GetCurrentProcessId
GetStartupInfoA
lstrcmpiW
lstrlenA
GetConsoleOutputCP
GetCommandLineW
GetCurrentThread
lstrcmpiA
QueryPerformanceCounter
GlobalFindAtomA
Sleep
VirtualAlloc

user32

GetDC
CharNextA
GetSystemMetrics
GetDesktopWindow

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ