451fc03344f43fd4c09716d672cca655_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

451fc03344f43fd4c09716d672cca655_JaffaCakes118
Size

155KB
MD5

451fc03344f43fd4c09716d672cca655
SHA1

073e1280c5fd4b7120308146535099e14e0bfe62
SHA256

dff77db6b0b442b0743327a84973d2ee66647c10c4ed89e1dfaf124646a35a90
SHA512

319989a474976d199d0bfeab7b57a7431db223846ce0204463692b76d70a914fdbb0ef08ca957c74a0226518b8a94fe53c546df2e9a16e72ab6049aa27ed381e
SSDEEP

3072:9I3j3bDTY+Ugcv0BoLIzv3dOTqn1l1XRcduS+lKnBZKvtotr:9cXE+Ug80G+tOTq1WqlKneup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
451fc03344f43fd4c09716d672cca655_JaffaCakes118

Files

451fc03344f43fd4c09716d672cca655_JaffaCakes118
.exe windows:4 windows x86 arch:x86

81f893801d482562870a68f4f15243d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetStdHandle
ReleaseMutex
GetCurrentProcessId
VirtualAlloc
ResetEvent
GetWindowsDirectoryA
GetCurrentThread
GetProcAddress
LoadLibraryA
VirtualProtect
LocalFree
ExitProcess
GetCurrentDirectoryA
WaitForSingleObject
CloseHandle
GetComputerNameA
LocalAlloc
GetVersionExA
CreateMutexA

user32

GetForegroundWindow
GetSystemMetrics

msvcrt

memset
wcslen
wcsncpy
memcpy

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ