778e6246e36f0433da65b41a20d04977_JaffaCakes118 | Triage

Sharing

General

Target

778e6246e36f0433da65b41a20d04977_JaffaCakes118
Size

621KB
MD5

778e6246e36f0433da65b41a20d04977
SHA1

3297d69a4ecdf8c4c92f182a8010cdf319cffa56
SHA256

6b96fa385650a8891bc90e145441bb805add05285b219573bc725ed66b3f8d5c
SHA512

d016b1b05d39b3ca47fe1441de2e93dedd1f70de1ec6852aefa5ed9b8441e2ead25117213ee5806040b1e62487eaab114678e36cfb327031fbfaf70122c4a01d
SSDEEP

12288:30jhw51alVGuAODM6qDy9CSl7zsf7MQduWQTl9U3I0/FgeoDmf5uFL10t9:kVwaDpqD4BVim3DmfOh0t9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/22-87044536389230-ID.com

Files

778e6246e36f0433da65b41a20d04977_JaffaCakes118
.zip
22-87044536389230-ID.com
.exe windows:5 windows x86 arch:x86

6780ce4944e66311213167035ae008dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

Extend
Recover

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerW
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ