Sample
15a5810e5901597801182e4c37e4df12_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
15a5810e5901597801182e4c37e4df12_JaffaCakes118
Size
822KB
MD5
15a5810e5901597801182e4c37e4df12
SHA1
4c21394b30e30d10bbd6e6453a4549d6c181853e
SHA256
a765330f6ef3c4fbbf212604339110ae7258ca41f0657316988fe97b0961bd9a
SHA512
b02e0f5c2737f75c2e4e282326e659bb186eeda0397d14b1672e43f15faddb8a3c0e5bcf025842e5305dd5499887adffde07f20e7b8aa19e4bcf0c7040d7e1c6
SSDEEP
24576:E/Ux7Qo/JoJv9wmJ6to9Y782M9NJ+AIWaUpW9i6m:Ey3/JCV6to9w8XOvUM9x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15a5810e5901597801182e4c37e4df12_JaffaCakes118
Files
15a5810e5901597801182e4c37e4df12_JaffaCakes118.exe windows:4 windows x86 arch:x86
a78e8dae214bf89e8b95c3a252400bc9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CompareStringA
GetProcessHeap
GetVolumeInformationA
GetTimeFormatA
WriteFile
ReadConsoleW
VirtualFree
GetModuleHandleA
GetEnvironmentVariableW
lstrcmpW
lstrcatA
GetCurrentDirectoryA
GetPrivateProfileIntW
GetLastError
GetFileType
VirtualProtectEx
GetSystemTime
GetDiskFreeSpaceW
CreateMailslotA
d3d9
Direct3DCreate9
PSGPSampleTexture
PSGPError
DebugSetLevel
Sections
.text Size: 20KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qdata Size: 798KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cdata Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ