f809b3fdbf779a0ec97d314268a5173d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f809b3fdbf779a0ec97d314268a5173d_JaffaCakes118
Size

22KB
MD5

f809b3fdbf779a0ec97d314268a5173d
SHA1

32d49ec4cd4438aa901c724f31422ec825dbf66e
SHA256

cc9459ec1a58c36c20a2d5929c17d99172401af2f6b9373c3f7c7e8dc17ad7db
SHA512

5654af02677693ff8d247b9ca3533fc1c8d11e00199bf1262766dd7ae8c9bca05961bd465e146232ab7358bbd7f4bf3172a34a427bb9a252647ec88a039a8b7a
SSDEEP

384:qo/NtQf7iE+EodFj89grkV7Avae3c8F+rqHzZqaidvLItYwaVR767LX3zAvchB+w:o7iE+VdRsucNrMzk5dUvaIXiX3A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f809b3fdbf779a0ec97d314268a5173d_JaffaCakes118

Files

f809b3fdbf779a0ec97d314268a5173d_JaffaCakes118
.exe windows:1 windows x86 arch:x86

f91d7fabdfde39ef56e7e47f0981e1e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateMutexA
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
GetFileSize
GetFileTime
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalFree
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetFilePointer
SetFileTime
Sleep
VirtualAlloc
WinExec
WriteFile
lstrcpyA

user32

PeekMessageA
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

shell32

StrStrIA

imagehlp

CheckSumMappedFile
ImageLoad
ImageUnload

iphlpapi

GetAdaptersInfo

ntdll

ZwQuerySystemInformation

sfc

ord5

Sections

.flat
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ