eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118
Size

187KB
MD5

eb3c40dbd32e5d204a469aad49ff8411
SHA1

8310f18ed46a22358532018b2a13abde775d420e
SHA256

4d7d696f8fd6bdf7940e281262fe59780645f02a90633a2d999cb94cedeb17c0
SHA512

43e2e944ed4240bc1499fd9aa16250301e4fe75d6488fa0cdde0538e7b922aec580a887583482cbbdfa3ec28ec8c428a6dc1aedcbce4c195e1d9edd9d4c98205
SSDEEP

3072:bnd550ZpLaL3lyg+2I7gw4J9k5iH8zhT7sx01+C5Gvgqp:yZpq3YgBI7n4Ji53zhX801+0M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118

Files

eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118
.exe windows:4 windows x86 arch:x86

315f7966d68e14de65e8c0277a13be11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext

kernel32

CreateFileW
SetProcessPriorityBoost
CreateProcessW
GlobalAlloc
ReadFile
InterlockedDecrement
GetModuleFileNameW
EnumResourceTypesA
Sleep
TerminateThread
WriteFile
GlobalLock
GetStdHandle
CreateEventW
DeleteCriticalSection
GlobalUnlock

ole32

GetHGlobalFromILockBytes
CoTaskMemFree
StringFromGUID2

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ