0eaf5a6e4b03879c2ab5c35d0ed3bd14_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0eaf5a6e4b03879c2ab5c35d0ed3bd14_JaffaCakes118
Size

178KB
MD5

0eaf5a6e4b03879c2ab5c35d0ed3bd14
SHA1

1c6e5b64cbdf15703f83caac3eb467953cabb15b
SHA256

fd2719bcc81e37c9f270ca8f2752388c37e062936bdc7fcc199af0cde77463f3
SHA512

c2981d7f7b4331557c7630976a779d85b5e772f9aec2ecf6741b76ce62fd0aeacd17fd34aafb40b4c345a9b8345a5166106abaa29b327365c86eb259ff15eda4
SSDEEP

3072:KbkkzaZZHAlUjUGdGfKYlRO7MYrfDSSSfy+OAbSgi0dSBVY8/Dgz5/ZehSI3lZxC:QpWUGdfYQfDSS0yLO10Y8LwtMhS0Zr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eaf5a6e4b03879c2ab5c35d0ed3bd14_JaffaCakes118

Files

0eaf5a6e4b03879c2ab5c35d0ed3bd14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b38112b330410f20c6df02df90cc22b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

GetModuleFileNameA
QueryPerformanceCounter
ExpandEnvironmentStringsA
ExitProcess
SystemTimeToFileTime
GetCalendarInfoW
HeapCreate
GetVersionExA
GetCurrentProcessId
DeleteFileA
HeapSize
CreateDirectoryA
GetTempPathA
GetVersion
SetHandleCount
GetNumberFormatA
MultiByteToWideChar
GetStringTypeW
EnumResourceNamesA
WaitForSingleObject
IsDBCSLeadByte
GetTickCount
GetCPInfo
CompareStringA
GetFullPathNameW
DeleteFileW
FindResourceA
WideCharToMultiByte
InitializeCriticalSection
lstrcpynW
GetStartupInfoA
lstrcpynA
GetStringTypeA
Sleep
GetCurrentProcess
GetLocaleInfoA
HeapDestroy
GetFullPathNameA

ole32

CoGetMalloc
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ