0f530f04c72efbe6d030202d6ae18430_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f530f04c72efbe6d030202d6ae18430_JaffaCakes118
Size

94KB
MD5

0f530f04c72efbe6d030202d6ae18430
SHA1

7c27cbfc6a875383c7d4896a0b800e5dec2b6fe7
SHA256

dbf677cbe23829fc07a5d3135604a15c9cc6acdd74a56226b020fc5de1c3437d
SHA512

40e0a9ba818a6f094cc9d2f51d77d369407979af732e88939daa7f3cc43167bf8cb1afd15a7b71bcd289621499e7827e938dc487102d007d1aa8c40195b20e38
SSDEEP

1536:Ms7Dvy9wGL2Jiy7QK6zUHvicW/I9oLviqJOqK0UBuld1XMhivcWvbmWe7hLdKYPE:Ms7T2dL24y7QI+WoLviqJO10PTaXXhLq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f530f04c72efbe6d030202d6ae18430_JaffaCakes118

Files

0f530f04c72efbe6d030202d6ae18430_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b054b29dfdd55d7b430b45cb87cdda13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ulib

?Allocate@MEM_ALLOCATOR@@QAEPAXK@Z
?IsKeyPressed@MESSAGE@@UAEEKK@Z
?DoNotRestoreConsoleMode@KEYBOARD@@UAEXXZ
?SetSize@BITVECTOR@@QAEKKW4BIT@@@Z
?Replace@WSTRING@@QAEEKKPBV1@KK@Z
?QueryTime@TIMEINFO@@QBEEPAVWSTRING@@@Z
?ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z

kernel32

GetModuleHandleA
GetLastError
lstrcpynA
FormatMessageA
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
Sleep
GetTickCount
GetDateFormatW
TerminateProcess

msvcrt

wcsrchr
_strnicmp
_waccess
_wctime
_itoa
_strlwr
_stat
wcsstr

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE