efcc5c77497174e446e9afaf2e834faa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efcc5c77497174e446e9afaf2e834faa_JaffaCakes118
Size

151KB
MD5

efcc5c77497174e446e9afaf2e834faa
SHA1

6474eb6cdec497f9666b5e457a266b9ab3398c88
SHA256

4c63c8665149a791c59016f84d3bde0085bf5083f2687b88ddb5d524d6630434
SHA512

a8d46169b3b0fbce2c341381e0aeb72b071ee3193d9ba0bcfec905037391824a1850b15b5577a95689734d064bee976cce6b63dfeace7c5d3ef9caf5689fd500
SSDEEP

3072:0/eMe7T3bGcS9Ea5bJf/Y3WKS58sliTibxhxf4Q75:IezGVTL/YRsNzxfv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efcc5c77497174e446e9afaf2e834faa_JaffaCakes118

Files

efcc5c77497174e446e9afaf2e834faa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

964f536dba19e0d52a3b04836f147511

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
VirtualAlloc
QueryPerformanceCounter
GetModuleHandleA
GetDriveTypeA
GetCurrentProcess
GetThreadLocale
RemoveDirectoryA
VirtualFree
lstrlenA
GetProcessHeap
DeleteFileW
GetCurrentThreadId
GetModuleHandleW

user32

ShowWindow
GetDesktopWindow
DispatchMessageA
GetParent
TranslateMessage

gdi32

SetStretchBltMode
SelectPalette
SelectObject
CreatePen
LineTo
CreateSolidBrush
DeleteObject

glu32

gluTessCallback

comctl32

InitCommonControls

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Tgtp Dys
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ