65d93c54a10df5b5a15f43f34d10e667_JaffaCakes118 | Triage

Sharing

General

Target

65d93c54a10df5b5a15f43f34d10e667_JaffaCakes118
Size

68KB
MD5

65d93c54a10df5b5a15f43f34d10e667
SHA1

8c66e12da7c21bdcaec94abbde9d6130fac31f20
SHA256

5844d10558f2461fbf8d40cb5e91c92da2c829cb99da9ba3c88c42d9ce108666
SHA512

aa29ce495abd357b7b394796092cd3b06aa6c6aee9de262abbd7b9f80dec516230919513717df675938b24a48d57d29194dcd9a7e91d0a9efea6b4c73546c5e1
SSDEEP

1536:1T7Yexd1XXXXlCDVuF08+ldlrRPIQMg3k/Tj:F7YexrXXXXlCD58+lBIQMg3k/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
65d93c54a10df5b5a15f43f34d10e667_JaffaCakes118

Files

65d93c54a10df5b5a15f43f34d10e667_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cef594cc150068a7328dfcc283919a94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetLongPathNameA
lstrcpyW
ExitProcess
GetExitCodeProcess
InterlockedIncrement
WriteFileEx
GetACP
GetDiskFreeSpaceW
Sleep
Heap32First
GetPrivateProfileIntA
GetPrivateProfileSectionA
Sleep
SetEnvironmentVariableA
VirtualAllocEx
GetModuleHandleW
lstrcmpA
GetDiskFreeSpaceW
WaitForSingleObject
FindResourceW
GetPrivateProfileIntA
InterlockedDecrement

apphelp

ApphelpCheckExe
AllowPermLayer
SdbCreateMsiTransformFile
ApphelpCheckIME

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbg
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ