Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_b4d49571aaf0e4c2a01e10a3f0e148eb.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_b4d49571aaf0e4c2a01e10a3f0e148eb.exe
Resource
win10v2004-20241007-en
General
Target
JaffaCakes118_b4d49571aaf0e4c2a01e10a3f0e148eb
Size
202KB
MD5
b4d49571aaf0e4c2a01e10a3f0e148eb
SHA1
bb90ba4f2c2a6caefce1bb8c3e51e1cbb11bf57f
SHA256
71848f5f2177fbf6f955480fdea2c4dd52efde7394fc6529dffae382947afc8d
SHA512
9a1a7924cba957bc6a0004baf2b071edb96d34aaf67c4e78aa8e7da3c0d506a9f793d34d35e6233a44f99d3342dd9be33181326a0e959d4b2f4ce04448c4927f
SSDEEP
6144:9bGl7ypIzJ/y44qPHbTjkPRK4xtpJ1cak:dG8yz9y44qP4PRK4xtpJ1c3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_b4d49571aaf0e4c2a01e10a3f0e148eb
Files
JaffaCakes118_b4d49571aaf0e4c2a01e10a3f0e148eb.exe windows:4 windows x86 arch:x86
a1d944210643a9c330313107e6dbc7b6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
EnumDisplaySettingsW
kernel32
GetSystemTimeAsFileTime
ReplaceFileW
Sleep
InterlockedCompareExchange
GetTickCount
InterlockedExchange
GetProcessId
TerminateProcess
IsDebuggerPresent
GetCurrentThreadId
EnumResourceTypesA
SetUnhandledExceptionFilter
GetCurrentProcessId
ExitProcess
QueryPerformanceCounter
UnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
shell32
ShellExecuteW
clusapi
CloseCluster
comctl32
InitCommonControlsEx
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ