Static task: static1
Behavioral task: behavioral1
Sample: b0d8f62c87326677139cdf0e7a32129c_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: b0d8f62c87326677139cdf0e7a32129c_JaffaCakes118
Size: 275KB
MD5: b0d8f62c87326677139cdf0e7a32129c
SHA1: 7603646e2b4e56ccf76edd8784e19c50903b546b
SHA256: afc7d802d315041e52e6db567f3b79fa90142ab0cfbf0e607025cf9430cd7fbe
SHA512: 448c0678b3b3b2604877748a2ad87548d517f707dd6ccb289f248804dc22c3095272a59920a4b19dc5a459e50be8149418ba728e107657fa08fd5fb8d37bf24c
SSDEEP: 6144:cq6BgbtPC8jEOSMTYzN0qmrPznd8m+wjKaudJEGx+wyYtPCYjVsyA:i0tPC8jE0IGXvnT+wjhLYjVsj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b0d8f62c87326677139cdf0e7a32129c_JaffaCakes118
Files
b0d8f62c87326677139cdf0e7a32129c_JaffaCakes118.exe windows:4 windows x86 arch:x86
31bc1ba9a1ccfb6b066e4ffbe755095f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  HeapFree
  LCMapStringW
  GetCPInfo
  RtlUnwind
  GetCurrentProcess
  WriteFile
  LCMapStringA
  LoadLibraryA
  GetOEMCP
  InterlockedExchange
  EnumResourceTypesW
  LZCopy
  VirtualAlloc
  GetStringTypeA
  GetACP
  IsDebuggerPresent
  SetUnhandledExceptionFilter
  GetStringTypeW
  GetLocaleInfoA
msimg32
  TransparentBlt
oleacc
  GetOleaccVersionInfo
  AccessibleObjectFromEvent
Sections
.text Size: 127KB - Virtual size: 126KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 136KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 145KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ