Static task
static1
Behavioral task
behavioral1
Sample
010bb500627b080ed61a79c6dff70679_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
010bb500627b080ed61a79c6dff70679_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 010bb500627b080ed61a79c6dff70679_JaffaCakes118
Size: 118KB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 010bb500627b080ed61a79c6dff70679_JaffaCakes118
Files
-
010bb500627b080ed61a79c6dff70679_JaffaCakes118.exe windows:5 windows x86 arch:x86
c13f1bf7f6023bc13a878ce3519efbb2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
DuplicateHandle
FlushFileBuffers
GetModuleHandleW
GlobalHandle
QueryPerformanceCounter
GetOEMCP
VirtualProtectEx
RtlUnwind
GetCurrentDirectoryA
lstrcmpiW
GetVersionExA
GetProcessHeap
MulDiv
GetTimeZoneInformation
msvcrt
__getmainargs
calloc
_adjust_fdiv
_initterm
free
_except_handler3
__setusermatherr
__p__fmode
__p___initenv
_XcptFilter
__set_app_type
_exit
__p__commode
_controlfp
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE