45d038b6869e86e3957abb3f4bf22af5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45d038b6869e86e3957abb3f4bf22af5_JaffaCakes118
Size

143KB
MD5

45d038b6869e86e3957abb3f4bf22af5
SHA1

22f050d1fac7474b8b50ba04d212bdea3ad898a7
SHA256

cef1fcaee807e59fee25cadbb50a8d1cf66912aa59098076e13dddfb4a092f2b
SHA512

dacd35c9d1cdcd636a34874ac44d140503951c6e866d1b96f99efc374389ffa1a44680ed7ca50fd66fc370e95d3b176a32be9af181174aa7eea211554d864c82
SSDEEP

3072:QllOKoLOaqIAEMBq6iI2s1oIgywqiOWpDDgYl5qmf:UoLOHIAvq6iI22opHqivDJl5q2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45d038b6869e86e3957abb3f4bf22af5_JaffaCakes118

Files

45d038b6869e86e3957abb3f4bf22af5_JaffaCakes118
.exe windows:9 windows x86 arch:x86

8ce62f44cbb53634d180504fd0b48619

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetModuleFileNameA
GetModuleHandleA
LocalFree
MultiByteToWideChar
FormatMessageW
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetACP
LocalAlloc
GetCommandLineW
SetUnhandledExceptionFilter
GetModuleFileNameA
GetProcessHeap
FormatMessageW
QueryPerformanceCounter
SetEvent
GetModuleHandleW
GetTickCount
SetEvent
GetProcessHeap
FormatMessageW
LocalFree
SetEvent

ntdll

NtAllocateVirtualMemory

user32

ShowWindow
DestroyWindow
PostMessageW
GetDC
ShowWindow
ShowWindow
GetSystemMetrics
LoadIconW
GetDC
LoadIconW
SetTimer
DestroyWindow
GetWindowRect
PostMessageW
LoadIconW
GetWindowRect
PostMessageW
ReleaseDC
CreateWindowExW
SetTimer
PostMessageW
LoadIconW

Sections

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ