Static task: static1
Behavioral task: behavioral1
Sample: e7c92550be6e64999ae9e16218a25866_JaffaCakes118.exe
Resource: win7-20240729-en
General
Target: e7c92550be6e64999ae9e16218a25866_JaffaCakes118
Size: 180KB
MD5: e7c92550be6e64999ae9e16218a25866
SHA1: eafaf59e4a8a460a28eb13920af8c0f3836d4a80
SHA256: b8beaa6691629e237109c4d4baca960540a6e39e1928ebed7fba88264220aafd
SHA512: 2b0473c012f10c0aff8eb7329b01b08a024de1e7d3be95cd7084ea72beda21e44537640d7180baa704a84c8669f48e0b92621b6c2a3884ce8b223c0f92ec5f79
SSDEEP: 3072:4egiUWo2EtNZeJLWkxhGfsKqV45EJK58KsTeaBpkUEsDgOSZU:3giUWCEtFhqsKC4eK56qaBTEssA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e7c92550be6e64999ae9e16218a25866_JaffaCakes118
Files
-
e7c92550be6e64999ae9e16218a25866_JaffaCakes118.exe windows:4 windows x86 arch:x86
21d14fe864cc27374fec5f048fea9ec0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipGetImageWidth
GdipDisposeImage
kernel32
WideCharToMultiByte
GetModuleHandleA
VirtualQuery
OutputDebugStringA
GetCalendarInfoW
GetFileInformationByHandle
LocalAlloc
SearchPathW
lstrcmpiW
GetCurrentThreadId
SetEnvironmentVariableW
lstrlenW
VirtualProtect
GetModuleHandleW
GetFileAttributesW
InterlockedExchange
EnumResourceNamesA
FreeLibrary
LocalFree
GetProcessId
GetModuleFileNameW
CreateDirectoryW
InitializeCriticalSection
SetLastError
GetProcAddress
GetCurrentProcess
ExitProcess
OutputDebugStringW
GetCurrentDirectoryW
GetLastError
DuplicateHandle
MultiByteToWideChar
Sleep
ole32
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoTaskMemFree
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ