f62f5c08481191286afb475364a2b9a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f62f5c08481191286afb475364a2b9a2_JaffaCakes118
Size

40KB
MD5

f62f5c08481191286afb475364a2b9a2
SHA1

81e53d874a884bd814ff7c6b7ca63c558e57e6b2
SHA256

126b7ab4ed8759f6f13b107218e29afc31d8639ae31d80b428022d99b1596539
SHA512

08faecc6d06dc50a7b8963dba7593aa5470542f5bac8171627dbf3c86c938028a72136389f7d55609fdbd3f8f74537cd4a6900017a6e38a37255e5337abe0194
SSDEEP

768:+vpLiGfFqgITj/zeYLhaPD8yQD63X8BFJKOJiokDXQMTOIlu:K1FqgA/aYL8r8cX8xqDXZNu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f62f5c08481191286afb475364a2b9a2_JaffaCakes118

Files

f62f5c08481191286afb475364a2b9a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21b3b7e09164d69036bba19cfbcf7d34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CallNamedPipeA
ClearCommError
CompareStringA
EnumCalendarInfoW
ExitProcess
FoldStringA
GetDriveTypeA
GetSystemDirectoryA
SwitchToFiber
UTRegister
UnhandledExceptionFilter
WritePrivateProfileSectionW
WriteProcessMemory

advapi32

ChangeServiceConfigA
DuplicateToken
GetAccessPermissionsForObjectA
GetAuditedPermissionsFromAclA
GetNumberOfEventLogRecords
IsValidSecurityDescriptor
OpenEventLogA
RegUnLoadKeyW
RegisterServiceCtrlHandlerA
SetAclInformation
SetThreadToken

gdi32

DeleteColorSpace
EnumEnhMetaFile
EnumFontFamiliesExW
ExtTextOutA
GdiPlayScript
GetMetaRgn
PolyBezierTo
PolyPolygon
PolyTextOutW
SetViewportOrgEx
SetWindowExtEx
TextOutW

Sections

.text
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE