1007c64c648334c38e75db2cdf183c4d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1007c64c648334c38e75db2cdf183c4d_JaffaCakes118
Size

201KB
MD5

1007c64c648334c38e75db2cdf183c4d
SHA1

f82d0100d157fb55a17fa26b5a5f922d242f8001
SHA256

bbd289b92cc554d73ccf50e4d56e6c88308968c16804fa35e138f0fe5d35bf22
SHA512

a655e0b50c69fd964f9e0afae93d4f4baeefccabe2b45db539b738e8d0f275d9e463203ebc0e06747c1dcacee44447dcfb6b9a0c1ce95364e0c46efd7ff4c341
SSDEEP

3072:myM1CGRHIN1Kdf7RMtnzkxH0DaXGU2jIk1Zw8HHI:tEhsKdf7qjDaXGSUm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1007c64c648334c38e75db2cdf183c4d_JaffaCakes118

Files

1007c64c648334c38e75db2cdf183c4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

98a0e4a932e1850e94396e7d32414e92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetACP
QueryPerformanceCounter
lstrlenW
GetVersion
SetLastError
GetThreadLocale
CopyFileA
GetStartupInfoA
GetConsoleOutputCP
GetDriveTypeA
GlobalFindAtomW
DeleteFileA
LoadLibraryW
GetModuleHandleA
GetCurrentProcessId
MulDiv
RemoveDirectoryA
lstrlenA
GetCurrentProcess
Sleep
GetWindowsDirectoryA
lstrcmpiW
SetCurrentDirectoryA
GetUserDefaultLangID
GetProcessHeap
lstrcmpA
lstrcmpiA
GlobalFindAtomA
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
DeleteFileW
GetTickCount
GetLastError
GetOEMCP
GetCommandLineA
IsDebuggerPresent
VirtualAlloc

user32

GetDesktopWindow
CharNextA
GetSystemMetrics
GetDC

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ