3f008c20b81b5fc730416295bbddad5f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f008c20b81b5fc730416295bbddad5f_JaffaCakes118
Size

4.5MB
MD5

3f008c20b81b5fc730416295bbddad5f
SHA1

e537019539350dad62e01ab1bfddf5fb582336fc
SHA256

652307b417768d4dc5e75fec2167c03ee9c597d59ee2a12ed35c835f57a7d08a
SHA512

79787b7589a8d4f4263c13c4a6e9611a4e3713cd85d962460d2445a396a4d54859b298f4ac0ec6547d7cb09d1441af6b0d250d1b272edfedaf2d285117073d12
SSDEEP

98304:O6ZVVrDzQN/DUjcqVRw3EBcRADP5Mul6vkQZAPwX22WSXf:O6hPi/D4VR6EIwP5MulT6AcWSX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f008c20b81b5fc730416295bbddad5f_JaffaCakes118

Files

3f008c20b81b5fc730416295bbddad5f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c98979e1d76a1c479bf60372c342faf4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
lstrcat
GetPrivateProfileStringA
GetSystemRegistryQuota
OpenJobObjectA
CancelTimerQueueTimer
GetLongPathNameA
IsProcessorFeaturePresent
ReadConsoleOutputCharacterA
GetPrivateProfileSectionNamesA
GetCurrentThread
GetCurrentDirectoryA
ClearCommError
SuspendThread
GetTimeFormatA
GetConsoleMode
WriteConsoleA
GlobalDeleteAtom
GlobalDeleteAtom
HeapQueryInformation
EnumSystemLocalesA
WaitForDebugEvent
BuildCommDCBAndTimeoutsA
GetThreadTimes
WriteConsoleOutputCharacterA
DuplicateHandle
WriteConsoleInputA
HeapSize
UpdateResourceA
SetConsoleScreenBufferSize
SetHandleInformation
GetCurrentConsoleFont
HeapFree
AddAtomA
FindAtomA
ReadConsoleOutputAttribute
GetCompressedFileSizeA
lstrcmpA
GetConsoleCursorInfo
CancelWaitableTimer
WaitForMultipleObjectsEx

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ