52eec4ba1ead597f48c9adf5f57fa1ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52eec4ba1ead597f48c9adf5f57fa1ad_JaffaCakes118
Size

97KB
MD5

52eec4ba1ead597f48c9adf5f57fa1ad
SHA1

0d9cdcb4d09e04b2467dfcbd600bfde65414e270
SHA256

69602a2aa1c8c0e2fdbaedd0a7f3540f5ab08fe6102fc97edc21465067e32bad
SHA512

2811c7cff1da45af844b8e874120ab45f7ef7f3caf7a2adafd7f6069385909ee2043af2ee68b449a8f2377050f426c6bdb79441fbe721ade13c4dc406970494f
SSDEEP

3072:VsM9KcXYJbqrK7ell+MuwACZgbySN7/qMoLqUh:T0Tbqrceb+MuwAagbySh/qMH2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52eec4ba1ead597f48c9adf5f57fa1ad_JaffaCakes118

Files

52eec4ba1ead597f48c9adf5f57fa1ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

98c9b40550b23b1c60f710d78943d425

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
SetLastError
MultiByteToWideChar
GetStartupInfoA
WideCharToMultiByte
CreateProcessA
ClearCommError
Sleep
EnumResourceNamesW
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalAlloc
ExitProcess
GetTickCount
GetCurrentThreadId
lstrlenA
InterlockedCompareExchange
RaiseException

user32

DestroyWindow
CharNextA
MessageBoxW
GetSystemMetrics
LoadIconA
LoadImageA
LoadStringW
UnregisterClassA
CharNextW

shlwapi

PathAddBackslashW

clusapi

CloseCluster

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ