JaffaCakes118_a87444abe5f2b5ffa4e3b8e9bb9734ba | Triage

Sharing

General

Target

JaffaCakes118_a87444abe5f2b5ffa4e3b8e9bb9734ba
Size

108KB
MD5

a87444abe5f2b5ffa4e3b8e9bb9734ba
SHA1

e15c6ac6bc07ae0cdf7ff37ea7821db6878e1b82
SHA256

186c6d9160ed91b9a9d4904806f90c0661ccc326fa47dd54e447258f214808bd
SHA512

4b4b92247ee84d4dc6e4faf9a4bebadb90eb2d4b3aece4ef6e1c5434a400a7ed292bea3ca6432ba0032a27c7a104a84f1011d2aeb8398f710053f39528143203
SSDEEP

1536:FzKO3E5Dx0PvzfPFqXeu+z3JMJrvEz4cIQmycCXmByZew6kTrT:UO3EYPvzfPFvHqZNbLCXmSJ6kTr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a87444abe5f2b5ffa4e3b8e9bb9734ba

Files

JaffaCakes118_a87444abe5f2b5ffa4e3b8e9bb9734ba
.exe windows:4 windows x86 arch:x86

2bd7efcfe510535c9ec8a5cc79c5af88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

blolebr.pdb

Imports

kernel32

FormatMessageA
MapViewOfFile
FindClose
GetTickCount
RemoveDirectoryA
GetFullPathNameA
FormatMessageW
CreateFileA
CompareStringW
TerminateProcess
SetFilePointer
lstrlenW
GetPrivateProfileStringA
OutputDebugStringA
GetTempFileNameA
GetVersionExW
InitializeCriticalSection
WriteFile
SetEndOfFile
InterlockedDecrement
GetFileSize
SetCurrentDirectoryA
SetFileAttributesA
ExpandEnvironmentStringsA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
CloseHandle
OpenProcess
FindNextFileA
DeleteFileA
CreateFileMappingA
GetDateFormatA
GetLastError
InterlockedIncrement
CompareStringA
FreeLibrary
GetCurrentThreadId
InterlockedCompareExchange
GetProcessHeap
GetModuleHandleA
GetDateFormatW
QueryPerformanceCounter
LocalFree

user32

GetCursorPos
SetCursorPos

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ