JaffaCakes118_402a247a67d38ddff6e5807b5156e541 | Triage

Sharing

General

Target

JaffaCakes118_402a247a67d38ddff6e5807b5156e541
Size

183KB
MD5

402a247a67d38ddff6e5807b5156e541
SHA1

64d0df4d0da57678e65e7c6ce32c5900f68052ac
SHA256

239a9ba253899e7b2850d8a85580ad1702f74ab9c63e21cb8bce9cfa487c9ad1
SHA512

fbfc4c9b6a81a4cf440c8fb797e7ae8ceb0659ba1e6db10a5bdc377931aa42057314b6458e80e5f1b1fd4f864a4b3abf07818ab100250b1325353ccc949b2031
SSDEEP

3072:VJ0PLdHSf2yB7H5KpVHTF1aMNOTavgzxXzS/nCR7dG7KkO6+9GcUuTcVltIi9:VJ0PlSf2C47zF1HgcvCrGmku9PU/ntI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_402a247a67d38ddff6e5807b5156e541

Files

JaffaCakes118_402a247a67d38ddff6e5807b5156e541
.exe windows:4 windows x86 arch:x86

eba8b00a780ad4fc7be17c3ac90c73e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

NdrByteCountPointerFree
UuidCreate
UuidToStringA
RpcStringFreeA

gdi32

UnrealizeObject
SetMapMode
BitBlt
SelectObject
GetObjectA
CreateCompatibleDC
DeleteDC
SelectPalette
RealizePalette
GetDeviceCaps

kernel32

GetFileSize
CreateFileW
GetStartupInfoA
GetTempPathW
FlushInstructionCache
RtlUnwind
GlobalUnlock
DeleteCriticalSection
GetThreadContext
GetCurrentThreadId
HeapFree
WriteProcessMemory
HeapAlloc
GlobalFree
ExitProcess
GetLastError
InterlockedIncrement
RaiseException
GetCommandLineA
GetCurrentProcess
GetVersionExW
InterlockedDecrement
FormatMessageA
LocalFree
SetLocaleInfoW
VirtualProtectEx
TlsSetValue
GlobalLock
SetLastError
DuplicateHandle
GlobalAlloc
InterlockedExchange
WaitForSingleObject
GetWindowsDirectoryW

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ