429e437ab5b9c56e9d983ef34ca55830_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

429e437ab5b9c56e9d983ef34ca55830_JaffaCakes118
Size

484KB
MD5

429e437ab5b9c56e9d983ef34ca55830
SHA1

4703876238eb5919912c760e3741b808a10bfb0a
SHA256

8d6af80a782f0ba42323e500e0f3431ab7c993ac7f288ba6f93ec41a2fb17735
SHA512

b050c34aba39bea07a7e22f5b00541e21f579fb49ba379379034217000b380e69adc171b369d826da3f05e9e9cb400ba1056b09b3ee4ecf75c9f37e822de1933
SSDEEP

3072:W0n4feIXBFRuEW9A15gzC80lYARZqhmBGCS1dNOtyFBYiwwFGxmXb4o83agLaiUB:PnPkQ61++vlYcq/fxFaiwDho8xOfKu6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
429e437ab5b9c56e9d983ef34ca55830_JaffaCakes118

Files

429e437ab5b9c56e9d983ef34ca55830_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ad8fa5b790815ecfb348c4d8505c04f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\src_new\dia48.pdb

Imports

kernel32

GetFileTime
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
CreateMutexA
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
DeleteTimerQueueTimer
InterlockedIncrement
lstrcmpiA
WaitForSingleObject
ReleaseMutex
CreateFileA
DeviceIoControl
GetLastError
CloseHandle

msvcrt

_vsnprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
wcslen
free
malloc
puts

Sections

.text
Size: 460KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 679B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ