e9ead5a6e391d670e9c135c07b20f620_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9ead5a6e391d670e9c135c07b20f620_JaffaCakes118
Size

205KB
MD5

e9ead5a6e391d670e9c135c07b20f620
SHA1

a4d8afcf28c87d90363376b4cb1b33ac33bdcae9
SHA256

40d2e73606893f91dae3a38762b56ed8b0c4fcda037954719484692598329019
SHA512

d1f661650bf5e115905d7a8f73fec15a1446a3a1e42a2cefb2efeb7525affb93830695c7243fb2088137731960fd3c883f6639b124d1d1b2b9648e157c9526d4
SSDEEP

3072:I2Q0wPinl7j3y/+c27rIu6g7yvXUkNewdY95t30rnMTSVkYy3SFf3RLQ73:lDri+6gQUkNvdY95tyq3YgSJRU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9ead5a6e391d670e9c135c07b20f620_JaffaCakes118

Files

e9ead5a6e391d670e9c135c07b20f620_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a1d9952f7441c006b5c838738f505420

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
CharNextA
GetDC
GetDesktopWindow

kernel32

GetOEMCP
GetCommandLineW
GetModuleHandleA
Sleep
GetThreadLocale
VirtualAlloc
GetCommandLineA
LoadLibraryW
CopyFileA
GetCurrentProcess
GetDriveTypeA
SetLastError
lstrlenW
GetLastError
GlobalFindAtomW
GlobalFindAtomA
lstrcmpiW
GetCurrentThread
QueryPerformanceCounter
SetCurrentDirectoryA
GetVersion
GetProcessHeap
GetModuleHandleW
GetStartupInfoA
GetCurrentThreadId
GetTickCount
lstrlenA
RemoveDirectoryA
GetConsoleOutputCP
lstrcmpA
GetWindowsDirectoryA
GetCurrentProcessId
MulDiv
GetUserDefaultLangID
IsDebuggerPresent
DeleteFileA
DeleteFileW
GetACP
lstrcmpiA

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ