29ed47ef0b74bf63f6eaf2da953daab0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29ed47ef0b74bf63f6eaf2da953daab0_JaffaCakes118
Size

199KB
MD5

29ed47ef0b74bf63f6eaf2da953daab0
SHA1

55c1eaa01fb535de50f81b02285315ef8b7e6678
SHA256

a471c0fd537fded40dc496a0783c2e1f354d83600bd962732bd171aa2c90d286
SHA512

b5d1aee5250297384d2dac74ff880196afec27b2c105713b021b647875a5cd6ba08fb2c12936fa4b4078938b3bbbd45abb3e7dc3df033a820e4e992dfd1b4593
SSDEEP

3072:JQWLKb8rYvy5L+FbOyeqkVuai8Ab4YlBZfTfm1l7rVxMPKWbgCv8x:rfLcSGXIgBZrenNx7W0+8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29ed47ef0b74bf63f6eaf2da953daab0_JaffaCakes118

Files

29ed47ef0b74bf63f6eaf2da953daab0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

83fd83d21ddf749bd12c2734de1efd4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextA
GetDesktopWindow
GetSystemMetrics
GetDC

kernel32

DeleteFileW
GetDriveTypeA
GetStartupInfoA
GetCurrentProcess
RemoveDirectoryA
GetOEMCP
IsDebuggerPresent
GetCurrentProcessId
GetACP
QueryPerformanceCounter
GetUserDefaultLangID
DeleteFileA
lstrcmpiA
GetThreadLocale
GetCurrentThreadId
GetCommandLineA
GetLastError
lstrlenW
GetCommandLineW
SetCurrentDirectoryA
GetConsoleOutputCP
Sleep
lstrlenA
GetTickCount
GetWindowsDirectoryA
lstrcmpA
GlobalFindAtomW
LoadLibraryW
MulDiv
GetCurrentThread
lstrcmpiW
GetProcessHeap
SetLastError
CopyFileA
GlobalFindAtomA
GetModuleHandleW
GetVersion
GetModuleHandleA
VirtualAlloc

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ