13213bf9540220c178d71cf46116abe1_JaffaCakes118 | Triage

Sharing

General

Target

13213bf9540220c178d71cf46116abe1_JaffaCakes118
Size

203KB
MD5

13213bf9540220c178d71cf46116abe1
SHA1

a5df5fe89939f5c66eda44082675a3d9a3cea008
SHA256

66169ecf3d0691695b660bd8d9dfe7bb0ad6a990963c98052a4fa519ad5dc9bf
SHA512

16e12d655b8e3e46d9797b5aab2f1ccc808bcdfbb1d468766f7b413f0e88beb0533e4c54ea6e48a6cc932aa3fe86b45f367e7dda2663b580022dbaa98b764778
SSDEEP

3072:bO3iZRzLB8TuQDUml6ym0GOleG6PezqX7pwPpxQPHG4P012wCo99Raen+HmHAXMf:bO3Yp6TuC9GOZ6JExQPHGxHAXMA0Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13213bf9540220c178d71cf46116abe1_JaffaCakes118

Files

13213bf9540220c178d71cf46116abe1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b767908cd738dcd2d4da9c5541ed1a60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextA
GetDesktopWindow
GetDC
GetSystemMetrics

kernel32

GetModuleHandleA
IsDebuggerPresent
DeleteFileW
lstrlenW
GetUserDefaultLangID
GetConsoleOutputCP
SetCurrentDirectoryA
GetThreadLocale
lstrcmpiW
GetLastError
lstrcmpiA
lstrcmpA
GetCommandLineW
QueryPerformanceCounter
GlobalFindAtomW
Sleep
MulDiv
GetOEMCP
GetACP
GetCurrentThreadId
GlobalFindAtomA
GetCommandLineA
SetLastError
VirtualAlloc
LoadLibraryW
GetProcessHeap
DeleteFileA
lstrlenA
GetDriveTypeA
GetModuleHandleW
CopyFileA
GetCurrentProcess
GetTickCount
GetStartupInfoA
GetCurrentProcessId
RemoveDirectoryA
GetCurrentThread
GetVersion
GetWindowsDirectoryA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ