026898029d6720b6070908895864a64e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

026898029d6720b6070908895864a64e_JaffaCakes118
Size

219KB
MD5

026898029d6720b6070908895864a64e
SHA1

20348a0b6f62ea056ab5bb238770152288320c13
SHA256

af1be5d9f7febf011f30d7158e402e353ed19edb652ae61d712c245f296e6580
SHA512

7d4a9dbd51532dabd318b88f8c071cd0f16a5175ece32ff8d590e70c210f7c522b03ed5a47fa22301b31600ee4ae20a0486a671e9c652c69c817c77439f14f0a
SSDEEP

3072:IZPWV9Tho3FTbhDd5EaGdTkmwQVCsKKkIP9PxdUx7GZ:Fxh+FHEf/HV2KkKHK7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
026898029d6720b6070908895864a64e_JaffaCakes118

Files

026898029d6720b6070908895864a64e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

63c77c7a3d7d4dd2c2213eb1aff49b50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetACP
GetThreadLocale
Sleep
GetCurrentThreadId
SetLastError
GetCurrentProcess
GetConsoleOutputCP
GetCurrentThread
GetDriveTypeA
GetStartupInfoA
GetWindowsDirectoryA
lstrlenW
GetModuleHandleA
CopyFileA
RemoveDirectoryA
GetCommandLineW
DeleteFileA
GetProcessHeap
GlobalFindAtomW
LoadLibraryW
SetCurrentDirectoryA
MulDiv
lstrcmpiA
lstrlenA
GlobalFindAtomA
QueryPerformanceCounter
GetOEMCP
GetUserDefaultLangID
GetVersion
IsDebuggerPresent
lstrcmpiW
lstrcmpA
GetCommandLineA
GetModuleHandleW
GetLastError
GetCurrentProcessId
DeleteFileW
VirtualAlloc

user32

GetDesktopWindow
GetDC
GetSystemMetrics
CharNextA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ