Static task
static1
Behavioral task
behavioral1
Sample
3fef63dbeca2dc8911314410c6b04565_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3fef63dbeca2dc8911314410c6b04565_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
3fef63dbeca2dc8911314410c6b04565_JaffaCakes118
Size
75KB
MD5
3fef63dbeca2dc8911314410c6b04565
SHA1
bde241edda25ba7f0d461e8322477ae9aef5d4b8
SHA256
d5a34e325a64af1b7ce4fce81a49b53ca11a06bbcb11df8261f98461b91f2b7f
SHA512
9c0019051f255d3310a7082fed5c6d7848af7aa0511b6f357837cc317a76cfdabb84d8f9bf8c1ed4823b162e38d7e5a1cf9af95b36cab1fb940e57ed41204fed
SSDEEP
1536:OHe3J6RHSp51n2IwF29NfIzH5ytISbV1re0DRmB4wTdJ07VEou:OHKCq3nFwSIH5ytbe0tmtTdJB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3fef63dbeca2dc8911314410c6b04565_JaffaCakes118
Files
3fef63dbeca2dc8911314410c6b04565_JaffaCakes118.exe windows:4 windows x86 arch:x86
7250aa4801d3f004b691bce7bed8c71d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetThreadLocale
GetSystemTimeAsFileTime
RtlUnwind
GetTickCount
OutputDebugStringA
VirtualQuery
InterlockedDecrement
GetTempPathA
GetDriveTypeA
FileTimeToLocalFileTime
LoadResource
DeleteFileA
GetExitCodeProcess
VirtualProtect
lstrcmpiA
VirtualFree
GetModuleHandleA
SizeofResource
lstrcmpiW
RtlMoveMemory
GetACP
GetProcAddress
GetCurrentThread
GetVersion
msvcrt
__getmainargs
_exit
__p___initenv
_except_handler3
__p__fmode
_adjust_fdiv
_controlfp
__p__commode
_initterm
_XcptFilter
__set_app_type
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 986B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ