56d7c90a84097e554c38e8ab6f962945_JaffaCakes118 | Triage

Sharing

General

Target

56d7c90a84097e554c38e8ab6f962945_JaffaCakes118
Size

66KB
MD5

56d7c90a84097e554c38e8ab6f962945
SHA1

c685ead0fa91a7684f36584fb45263888793f44e
SHA256

c07dc893e30ab5da190a1905253f1c089ebff215692304b971e1b4ffa5963c03
SHA512

f30ed3314b3fa6c8cb31e1d10db76acd5c5ea6f82f4dc1ff762fe289dc71205a56fbe709e8e89ca9879f68ae1490a73bc636f3384bf517fd301fff951eb56d2c
SSDEEP

1536:Q/g90J8DK0ngZIWqx9Eq2m/uaXpRKnF0Hxs5YjjjJhGINWP:im+8V2IlEmWjbYNhGCk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d7c90a84097e554c38e8ab6f962945_JaffaCakes118

Files

56d7c90a84097e554c38e8ab6f962945_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f5edc2ae5475506694f253edb4fb5563

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
GetEnvironmentStringsW
GetCurrentProcessId
ExitProcess
DisableThreadLibraryCalls
SetStdHandle
GetOEMCP
CompareStringA
GetACP
InterlockedDecrement
GetProcAddress
GetCommandLineA
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapAlloc
Sleep
GetModuleHandleA
SetEndOfFile
GetStartupInfoA
GetCPInfo
GetTickCount
SetConsoleCP
GetStringTypeA
VirtualProtect

ole32

CoInitialize
CoCreateInstance
CoCancelCall

user32

GetSubMenu
MsgWaitForMultipleObjects
PostMessageW

lz32

LZClose

msvcrt

_initterm
memset

gdi32

CreateDIBSection
SelectObject

advapi32

RegSetValueExW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ