Static task: static1
Behavioral task: behavioral1
Sample: 0789a61e2fd35ad01fe14a4820901766_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0789a61e2fd35ad01fe14a4820901766_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0789a61e2fd35ad01fe14a4820901766_JaffaCakes118
Size: 167KB
MD5: 0789a61e2fd35ad01fe14a4820901766
SHA1: 0e05646f3b3e4b23cd35dac4b01d2ea52328cfa3
SHA256: c9c8cb5b0c9d1437aca6846299a0fa23829a3b0f8d2494f8d382e830ab37a6de
SHA512: c42839bc83c696c2864c4570e991924106079128fa2ebe0472c5d6b212e6a475afc1193eec8c378721aa367bf3b82a80a275b1a00df7a4578187d211c56576b0
SSDEEP: 3072:kEvMLxgZLy3CUTG54AXKJHgzHOxaAiwK2c3sM:9ZMD+4fwnr2c3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0789a61e2fd35ad01fe14a4820901766_JaffaCakes118
Files
0789a61e2fd35ad01fe14a4820901766_JaffaCakes118.exe windows:4 windows x86 arch:x86
1447b7f7b90f938c80ef6e860be27b78
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CreateEventA
CreateFileA
DisableThreadLibraryCalls
GetACP
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetOEMCP
GetProcessHeap
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
SetLastError
UnhandledExceptionFilter
VirtualAlloc
lstrcmpiA
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 125KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 658B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ