40e8d50275cf46eba4039dc7d71b5e0b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40e8d50275cf46eba4039dc7d71b5e0b_JaffaCakes118
Size

1000KB
MD5

40e8d50275cf46eba4039dc7d71b5e0b
SHA1

369f63f9477fe89fff3e85b72b788e0bd19c1442
SHA256

a6b3a9b112da7da808792e1ecab4655c6d9ea10d5a03c45653c0849560859cc5
SHA512

73d2180c080ba4e5e0aab3ec485041514b93072d5103b1a638eabb84581dfe144b9f08aed50c7d689d8cc149d3ab5ef9db9d08bab1de3861df6e29154803cbb2
SSDEEP

24576:7ls9sT0sV0Vn/JqB/KuQNm+KXDboo/X/w+N:JsiTH2RcuN9KTBo+N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40e8d50275cf46eba4039dc7d71b5e0b_JaffaCakes118

Files

40e8d50275cf46eba4039dc7d71b5e0b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27e67e06bf0eddd6abea2e0c309a3653

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\To\That.pdb

Imports

kernel32

GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcpyA
lstrlenA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
ExitProcess
CreateFileA
GetStartupInfoA

user32

CharNextA
IsCharAlphaNumericA

setupapi

SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupDiGetDeviceInterfaceDetailW
SetupCloseInfFile
SetupInstallFilesFromInfSectionA
SetupScanFileQueueA
SetupCommitFileQueueA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupOpenInfFileA
SetupOpenAppendInfFileA
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 348KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ