fb36fb2eb7448638abc491491c7ba434_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb36fb2eb7448638abc491491c7ba434_JaffaCakes118
Size

45KB
MD5

fb36fb2eb7448638abc491491c7ba434
SHA1

2eeb6424c70da1014a0047b5d397a9f35ac7645f
SHA256

684f34a97264c11be84a3aac01807cc65246d907a851d62d0932c3ddbccdb310
SHA512

e934535998be5f082e17ede17b9185f26ed25ab117c247e62f34320197778468544ae4179834d78dd422c50a718c685e2c90de31a48185edf1d083cace9e69b3
SSDEEP

768:DVNTo60VRbuJWj4RncaRNTcWkkywiLuMxmcI3t8lTbdQrL:nwIJNnlnXyrLTxmcI3ClnE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb36fb2eb7448638abc491491c7ba434_JaffaCakes118

Files

fb36fb2eb7448638abc491491c7ba434_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9cedafd8c9d2ec24a9bf285d760558ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LoadLibraryA
GetProcAddress
GetConsoleScreenBufferInfo
SetVolumeMountPointW
TlsAlloc
lstrlenA
VirtualProtectEx
DeleteTimerQueueEx
ExpungeConsoleCommandHistoryW
FindNextVolumeMountPointA
GetCurrentProcess
Thread32Next
SetCommMask
GetConsoleCommandHistoryLengthA
OpenProcess
MapViewOfFile
UnlockFileEx
OpenFile
GetCommConfig
BuildCommDCBW
FindAtomW
CreateHardLinkA
LockResource

user32

SetCapture

Sections

.text
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE