ff3d366401aa91033b1e8571c01c2768_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff3d366401aa91033b1e8571c01c2768_JaffaCakes118
Size

180KB
MD5

ff3d366401aa91033b1e8571c01c2768
SHA1

0487c36b0801b68dc96b4007704225267d7ff746
SHA256

8188afa14b1d0e46b55556e33d64d4dc98adef13d1d7a7416407dec181ee5f41
SHA512

66fbd9c85ec1194234878fa22ab6a1da330a84746095867b6a6cb7dc8163120d9bdf57941a0b1d5a67baceda8ab434c2a567074283eb47e32d59dd5fcc86b11c
SSDEEP

3072:EzI/IHOHBo4+NPFvUnAqgn1hmGn9mw2SF1EnJZLCF27Z0RBW4Wi3MvS8/+Q:Ek0yorsAhn1hmGn0wzmdCF2cBW4Wi30h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff3d366401aa91033b1e8571c01c2768_JaffaCakes118

Files

ff3d366401aa91033b1e8571c01c2768_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9f3a1af03d9f5580a80674cf2bd7f65b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls
GlobalLock
VirtualAlloc
GetProcAddress
GetCurrentThreadId
GlobalHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
GlobalAlloc
GlobalUnlock
SetUnhandledExceptionFilter
GetModuleHandleA
GlobalFree
TerminateProcess

urlmon

CopyStgMedium

msvcrt

_exit
_beep

atmlib

ATMAddFontA

Sections

.data
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textbss
Size: 512B - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE