f6c26c06372829d2b979be08dc7af2e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6c26c06372829d2b979be08dc7af2e2_JaffaCakes118
Size

91KB
MD5

f6c26c06372829d2b979be08dc7af2e2
SHA1

9831910316ce4a256383c680d8c9b62acf302c53
SHA256

bac6e7041025e4bbddf010b616f27561a852a869799ec7addb52f3da5ac09f83
SHA512

96fcf9146bbd4ff0537db3b103f265c62d28e7b763212e6b684452ae0651299293139c88d84cf7e3c52cbfda1efc8914544c5d1dc98f4702e043810f69362941
SSDEEP

1536:a3ZfTemc052Xa4ZrTEbj6bGcvuFS+sA6P1jrrjCD98v2WCkjq0x6akipCy7m:a3dTeTq8TXbGcvuk+V6PBa98YkW0x6ss

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6c26c06372829d2b979be08dc7af2e2_JaffaCakes118

Files

f6c26c06372829d2b979be08dc7af2e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e92f2fd38462e5c1e5c7177a6d22af39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA

kernel32

ReadFile
SetUnhandledExceptionFilter
GetLocaleInfoA
InterlockedDecrement
FileTimeToSystemTime
CompareStringA
ReleaseMutex
OpenMutexA
IsBadCodePtr
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateMutexA
GetLastError
CloseHandle
FileTimeToLocalFileTime
lstrcpyA
QueryPerformanceCounter
ExitProcess
LocalFree
FormatMessageA
IsDebuggerPresent
CreateFileA
VirtualAlloc
GetModuleHandleA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

wsprintfA
MessageBoxA
CreateWindowExA
GetDlgItem
GetMessageA
TranslateMessage
EnableWindow

ole32

CoTaskMemAlloc
CoTaskMemFree

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ