e95d073aff907081e40e70a50dcc1f94_JaffaCakes118 | Triage

Sharing

General

Target

e95d073aff907081e40e70a50dcc1f94_JaffaCakes118
Size

181KB
MD5

e95d073aff907081e40e70a50dcc1f94
SHA1

79241ada685fd1b3839822402ab787f66eba8943
SHA256

2645b0cd0c35f48bbd041f9ff421082a39c5b6ab476aedc5b567fa81b18756ed
SHA512

18f3928718d7ae3285e982b137a0df87d7e3b4f084f8063e81c7cda3e7c3a6c6da4280dd68d34c3e987cb5fb13f6a5edd4d5e97dd57dffe416f6b522a2ff67a3
SSDEEP

3072:7mAJJqsaaHD1wt6iOB2HQK6Lc0G2GQycOAi5rlv/vvoHMN5cGLJE:aAis3wg2SLWBcOA05v/vveajL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e95d073aff907081e40e70a50dcc1f94_JaffaCakes118

Files

e95d073aff907081e40e70a50dcc1f94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb32f7468b2a8ce02c25e12af3cfbd7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLocaleInfoA
GetFullPathNameW
WaitForSingleObject
GetVersionExA
HeapSize
GetCalendarInfoW
GetTickCount
HeapDestroy
FindResourceA
GetNumberFormatA
GetCPInfo
GetVersion
IsDBCSLeadByte
QueryPerformanceCounter
CompareStringA
lstrcpynA
HeapCreate
Sleep
EnumResourceNamesA
lstrcpynW
GetStringTypeA
MultiByteToWideChar
GetStartupInfoA
ExitProcess
GetStringTypeW
GetCurrentProcess
GetTempPathA
InitializeCriticalSection
DeleteFileW
SystemTimeToFileTime
ExpandEnvironmentStringsA
CreateDirectoryA
DeleteFileA
GetCurrentProcessId
GetModuleFileNameA
SetHandleCount
GetFullPathNameA

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetMalloc
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ