fb74a3b19bcf23d2c65b05bb797d5bef_JaffaCakes118 | Triage

Sharing

General

Target

fb74a3b19bcf23d2c65b05bb797d5bef_JaffaCakes118
Size

97KB
MD5

fb74a3b19bcf23d2c65b05bb797d5bef
SHA1

bd3737b457ddd6be98ed94d790620e6f3b738b87
SHA256

98f7d68ec4243b402856cb0ffec0f8d388842b19357ebb6a94866aca3e23f38d
SHA512

083ae1981829e019f382fd7069c3bf663f347989a145b5c0309faa60b02d296bea59dc7da2f5ca3f6d7000cde393695b14b52d9c4319ee726b8593b4f76f77ff
SSDEEP

1536:ZT2uenEIw0eO51l88oBjs4V157ke5rT0kiKv8c:ZOnEIw5CoBJLkervvv8c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb74a3b19bcf23d2c65b05bb797d5bef_JaffaCakes118

Files

fb74a3b19bcf23d2c65b05bb797d5bef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d168fac90d31eb7ca582f1c992e23c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
GetDesktopWindow
CharNextA
GetDC

kernel32

DeleteFileW
GetWindowsDirectoryA
RemoveDirectoryA
GlobalFindAtomW
lstrcmpA
lstrlenA
DeleteFileA
GetCurrentProcessId
GetCurrentThreadId
lstrcmpiW
QueryPerformanceCounter
GetVersion
IsDebuggerPresent
GetThreadLocale
GetCommandLineW
GetProcessHeap
CopyFileA
MulDiv
SetCurrentDirectoryA
GetOEMCP
GetCommandLineA
Sleep
GetConsoleOutputCP
GetDriveTypeA
GetCurrentProcess
SetLastError
GetACP
GetCurrentThread
GetTickCount
LoadLibraryW
lstrlenW
GetStartupInfoA
GetLastError
GetModuleHandleW
lstrcmpiA
GetModuleHandleA
GetUserDefaultLangID
VirtualAlloc
GlobalFindAtomA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ