2864db5c0544d56d17ea6267105f7d8f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2864db5c0544d56d17ea6267105f7d8f_JaffaCakes118
Size

165KB
MD5

2864db5c0544d56d17ea6267105f7d8f
SHA1

e00fe5ee2c3cbe5da8abb409f3c6e9ba3ddeb950
SHA256

625378a439262f8f0b4f4cb4ff5e4a2d6bba354990f105ddcc8b8f84dcb719ef
SHA512

98abeef96fe7cdb985f103a0817b93364e50eb0ddf9eb490b708d51b85784ba0a748681364560767e31fa302c5981e9a604e224c892e941c40ae38b077029fd2
SSDEEP

3072:Pu8t+aJ5p594XgDIDr4jyf1zcPK6RyOItf1QzAj4fcAW:PltZJf594UIDmyf1zsyHeAjKcAW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2864db5c0544d56d17ea6267105f7d8f_JaffaCakes118

Files

2864db5c0544d56d17ea6267105f7d8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d12a59abecd97b2175af9fec209c86dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetCPInfoExA
GetOEMCP
InterlockedIncrement
FreeEnvironmentStringsW
GetVersionExA
TlsGetValue
GetLocaleInfoA
WideCharToMultiByte
GetTickCount
InterlockedExchange
GetEnvironmentStrings
GetLastError
GetACP
GetEnvironmentStringsW
WriteFile
HeapSize
GetStdHandle
EnumResourceTypesA
MultiByteToWideChar
EnterCriticalSection
GetThreadLocale
GetCPInfo
lstrlenW
GetStartupInfoA
UnhandledExceptionFilter
SetHandleCount
FreeEnvironmentStringsA
LoadLibraryW
DeleteCriticalSection
RaiseException
GetFileType
TlsSetValue
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcessId

msimg32

AlphaBlend
TransparentBlt

gdi32

GetDeviceCaps
DeleteObject
GetTextExtentPointA
GetTextMetricsA
SelectObject
CreateFontIndirectA

ole32

CoGetMalloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ