0bf785a4fea007c264458feb1b1b1109_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bf785a4fea007c264458feb1b1b1109_JaffaCakes118
Size

77KB
MD5

0bf785a4fea007c264458feb1b1b1109
SHA1

b762ff416cde5f3f64801ab7120c0e4130c0116f
SHA256

e4e7b5915831c16c5898b87c70745ce9624b219e304db6ab5181e9995b7fe456
SHA512

5a003054fc1e55cbfbcf49018e4f3fefaabdaf3a78bba070b6d88c0fc716259ff5da7c14be5c0ca85b70a74711a4c4fd5af21d0b4c1d2bc8f4aea10a15e134c9
SSDEEP

1536:RYZAU/yhPWnTitLZqeFB5b9FEYB+SnUywJy+cS6mc/lm3MP6nQUdZT:RYeJ1WnTGHB5b9FAcUd411/mku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bf785a4fea007c264458feb1b1b1109_JaffaCakes118

Files

0bf785a4fea007c264458feb1b1b1109_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b2eab7c4fd55cb71ac86d2cb9ee0fd07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SaveDC
CreateFontIndirectA
CreatePalette

kernel32

GetProcAddress
ExitProcess
LoadLibraryExA
GetDiskFreeSpaceA
InitializeCriticalSection
GetCurrentThread
GlobalDeleteAtom
LockResource
VirtualAllocEx
GetStringTypeA
GlobalAlloc
GetStdHandle
VirtualFree
GetCurrentThreadId
WaitForSingleObject
GetFileType

shlwapi

PathIsDirectoryA
PathIsContentTypeA

msvcrt

memmove
wcscspn
clock
memcpy
wcsncmp
swprintf
calloc
malloc

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateInstanceEx
CoUninitialize

Sections

INIT
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 47KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 512B - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ